Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe

Overview

General Information

Sample Name:AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
Analysis ID:694545
MD5:5952de86d1a047feceb4f21828cf0f74
SHA1:5194f085b9374789c3c7760c571f19a4c1b2231b
SHA256:9553b533d1d85c669b6b529506ea25a44a1cd3795f71d61503923e5ce0270ea9
Infos:

Detection

Score:26
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Yara detected Generic Downloader
Uses 32bit PE files
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Core.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
    C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.DataVisualization.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_0041E7B0 CryptAcquireContextA,0_2_0041E7B0
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrAuditCs\GuiClrAuditCs.pdb$z source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.405595143.00000000029F3000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\If.pdb'' source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.446707299.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrBase.pdbdd source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.408765997.00000000029F9000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGEXT-WIN\se\libs\ffmpeg\ffmpeg-3.1.4\build_vc_win32_shared\libavcodec\avcodec-57.pdb0 source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.323502368.00000000029F5000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGEXT-WIN\se\libs\ffmpeg\ffmpeg-3.1.4\build_vc_win32_shared\libavcodec\avcodec-57.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.323502368.00000000029F5000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrSystemTree\GuiClrSystemTree.pdb\ source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.431861452.00000000029FB000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrViewWindow.pdb<< source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.435454031.00000000029F1000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrSearch.pdb33 source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.426115847.00000000029F6000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrBookmarks.pdb!! source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.410434447.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\EagleClr.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.371133006.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrBookmarks.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.410434447.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\ExportWriters.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.384340934.00000000029F9000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrSetupCs\GuiClrSetupCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGEXT-WIN\se\libs\ffmpeg\ffmpeg-3.1.4\build_vc_win32_shared\libavutil\avutil-55.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.325675397.00000000029FD000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrImagePanelCs\GuiClrImagePanelCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.414670737.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrAppCs\GuiClrAppCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.401850011.00000000029FF000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrTimelineCs\GuiClrTimelineCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.433239691.00000000029F7000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: c:\jenkins\workspace\SDK - Windows DEVELOP\GEISDK\GEISDK\Release\GEISDK.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.389965476.00000000029F9000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrImagePanel.pdb** source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.413615714.00000000029F4000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrImagePanel.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.413615714.00000000029F4000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrMaps.pdb++ source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.416358575.00000000029F2000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\Eagle.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.365069060.0000000002A81000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrSearch.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.426115847.00000000029F6000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrBase.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.408765997.00000000029F9000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\ExportWriters.pdbZ' source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.384340934.00000000029F9000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrSearchCs\GuiClrSearchCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.427255969.00000000029F3000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrMaps.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.416358575.00000000029F2000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrAuditCs\GuiClrAuditCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.405595143.00000000029F3000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\EagleCs\EagleCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.378234427.00000000029F6000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\CmnStor.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.339548112.00000000029FF000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\If.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.446707299.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\Eagle.pdb> source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.365069060.0000000002A81000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrSetup.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.428825437.00000000029FA000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrSystemTree\GuiClrSystemTree.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.431861452.00000000029FB000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrMapsCs\GuiClrMapsCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.419243765.00000000029F6000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrAudit.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.403459405.00000000029F6000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGEXT-WIN\se\libs\ffmpeg\ffmpeg-3.1.4\build_vc_win32_shared\libavformat\avformat-57.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.325011536.00000000029F8000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\EagleClr.pdb88 source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.371133006.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrViewWindow.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.435454031.00000000029F1000.00000004.00000800.00020000.00000000.sdmp

      Networking

      barindex
      Yara detected Generic Downloader
      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Core.dll, type: DROPPED
      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.DataVisualization.dll, type: DROPPED
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate.avigilon.com./PublicLicenseInfo/site
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate.avigilon.com/activation/activate_autoshttp://activate.avigilon.com/deactivation/deac
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate.avigilon.comAGuiClr.Setup.LicensingDialogBaseCGuiClr.Setup.LicensingRequestDemom/Gui
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.445852544.00000000029FF000.00000004.00000800.00020000.00000000.sdmp, AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.444978440.00000000029F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://icu-project.org
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.414670737.00000000029FC000.00000004.00000800.00020000.00000000.sdmp, AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.401850011.00000000029FF000.00000004.00000800.00020000.00000000.sdmp, AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.427255969.00000000029F3000.00000004.00000800.00020000.00000000.sdmp, AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.telerik.com/2008/xaml/presentation
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.365069060.0000000002A81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.365069060.0000000002A81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll6666666666666666jjjjjjjjjjjjjjjj
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://blue.avigilon.com$Setup/MediaServer/
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://blue.avigilon.comY/GuiClrSetupCs;component/cloudsetupview.xaml%AudioSetupPageText
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: icudt44.dll.0.drStatic PE information: No import functions for PE file found
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.419243765.00000000029F6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGuiClrMapsCs.dll. vs AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.445852544.00000000029FF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameicuuc44.dll vs AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.378234427.00000000029F6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEagleCs.dll4 vs AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.444978440.00000000029F6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameicuin44.dll vs AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.414670737.00000000029FC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGuiClrImagePanelCs.dll6 vs AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.385327538.00000000029FD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefisheye.dllp( vs AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.401850011.00000000029FF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGuiClrAppCs.dll, vs AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.431861452.00000000029FB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGuiClrSystemTree.dll4 vs AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.389965476.00000000029F9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGEISDK.dll^ vs AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.433239691.00000000029F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGuiClrTimelineCs.dllB vs AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.427255969.00000000029F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGuiClrSearchCs.dll> vs AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGuiClrSetupCs.dll4 vs AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.355027924.00000000029F8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameD3DX9D.dll` vs AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.405595143.00000000029F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGuiClrAuditCs.dll4 vs AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_0042A0100_2_0042A010
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_004200200_2_00420020
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_004421DD0_2_004421DD
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_0043C42A0_2_0043C42A
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_004224300_2_00422430
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_0044C5A00_2_0044C5A0
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_0043662E0_2_0043662E
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_0044A7200_2_0044A720
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_0044A7B00_2_0044A7B0
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_0041C8160_2_0041C816
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_0044A9800_2_0044A980
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_00432A0C0_2_00432A0C
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_0044AC700_2_0044AC70
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_00436CD00_2_00436CD0
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_00448CB00_2_00448CB0
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_00424F400_2_00424F40
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_004490B00_2_004490B0
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_0043721A0_2_0043721A
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_004213F00_2_004213F0
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: String function: 004291C0 appears 47 times
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: String function: 004160E0 appears 55 times
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: String function: 00429235 appears 47 times
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: String function: 00429470 appears 42 times
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: String function: 00428DDF appears 353 times
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile read: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeJump to behavior
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZNJump to behavior
      Source: classification engineClassification label: sus26.troj.winEXE@1/179@0/0
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeStatic file information: File size 84607631 > 1048576
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrAuditCs\GuiClrAuditCs.pdb$z source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.405595143.00000000029F3000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\If.pdb'' source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.446707299.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrBase.pdbdd source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.408765997.00000000029F9000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGEXT-WIN\se\libs\ffmpeg\ffmpeg-3.1.4\build_vc_win32_shared\libavcodec\avcodec-57.pdb0 source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.323502368.00000000029F5000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGEXT-WIN\se\libs\ffmpeg\ffmpeg-3.1.4\build_vc_win32_shared\libavcodec\avcodec-57.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.323502368.00000000029F5000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrSystemTree\GuiClrSystemTree.pdb\ source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.431861452.00000000029FB000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrViewWindow.pdb<< source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.435454031.00000000029F1000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrSearch.pdb33 source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.426115847.00000000029F6000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrBookmarks.pdb!! source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.410434447.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\EagleClr.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.371133006.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrBookmarks.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.410434447.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\ExportWriters.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.384340934.00000000029F9000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrSetupCs\GuiClrSetupCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGEXT-WIN\se\libs\ffmpeg\ffmpeg-3.1.4\build_vc_win32_shared\libavutil\avutil-55.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.325675397.00000000029FD000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrImagePanelCs\GuiClrImagePanelCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.414670737.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrAppCs\GuiClrAppCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.401850011.00000000029FF000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrTimelineCs\GuiClrTimelineCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.433239691.00000000029F7000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: c:\jenkins\workspace\SDK - Windows DEVELOP\GEISDK\GEISDK\Release\GEISDK.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.389965476.00000000029F9000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrImagePanel.pdb** source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.413615714.00000000029F4000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrImagePanel.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.413615714.00000000029F4000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrMaps.pdb++ source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.416358575.00000000029F2000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\Eagle.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.365069060.0000000002A81000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrSearch.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.426115847.00000000029F6000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrBase.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.408765997.00000000029F9000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\ExportWriters.pdbZ' source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.384340934.00000000029F9000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrSearchCs\GuiClrSearchCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.427255969.00000000029F3000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrMaps.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.416358575.00000000029F2000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrAuditCs\GuiClrAuditCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.405595143.00000000029F3000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\EagleCs\EagleCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.378234427.00000000029F6000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\CmnStor.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.339548112.00000000029FF000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\If.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.446707299.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\Eagle.pdb> source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.365069060.0000000002A81000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrSetup.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.428825437.00000000029FA000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrSystemTree\GuiClrSystemTree.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.431861452.00000000029FB000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\obj\GuiClrMapsCs\GuiClrMapsCs.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.419243765.00000000029F6000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrAudit.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.403459405.00000000029F6000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGEXT-WIN\se\libs\ffmpeg\ffmpeg-3.1.4\build_vc_win32_shared\libavformat\avformat-57.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.325011536.00000000029F8000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\EagleClr.pdb88 source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.371133006.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\bamboo\build-dir\ACC-NGACCWIN56-JOB1\software-internal\Build\Win32-Release\bin\GuiClrViewWindow.pdb source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.435454031.00000000029F1000.00000004.00000800.00020000.00000000.sdmp
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_004291C0 push eax; ret 0_2_004291DE
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_00429440 push eax; ret 0_2_0042946E
      Source: avcodec-57.dll.0.drStatic PE information: section name: .rodata
      Source: avcodec-57.dll.0.drStatic PE information: section name: .rodata
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_0043232C LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0043232C
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libssl-1_1.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrAuditCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_iostreams-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Dev.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\EagleClr.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnStor.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrApp.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\d3dx9_34.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrResources.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_serialization-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\ClientEntry.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaPipeline.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSetup.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libquadmath-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaProcessor.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GEISDK.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\DevProtoBuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\xerces-c_3_1.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\EagleProtobuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrMaps.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrViewWindow.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSystemTree.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\avformat-57.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SoapCommon.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_log_setup-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\NetCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_chrono-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrDirectory.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Eagle.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SSPI.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Css.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSearchCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Data.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_zlib-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\freetype-6.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\EagleCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_thread-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\swresample-2.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaRendererHardware.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrFormsCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libopenblas.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_log-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\NetClr.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_filesystem-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libgcc_s_sjlj-1.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\If.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\avutil-55.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\icuin44.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Io.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\openh264.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\vrllite.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\avcodec-57.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Model.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaCore.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_date_time-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\msvcp120.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libcrypto-1_1.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\vccorlib120.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Rendering.Wpf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.Input.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_random-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaExecutor.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\fisheyesw.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrBase.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\msvcp80.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\NetCore.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrImagePanelCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Converters.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Core.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\icuuc44.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\opus.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrWpfBase.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaRendererSoftware.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrForms.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\zxcvbn.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrMapsCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaRendererAudio.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSearch.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSetupCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnSysProtoBuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\icudt44.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\protobuf-net.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\IMV1.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrTimelineCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_system-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\AnalyticsProtobuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.Data.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\msvcr80.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.DataVisualization.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnStorProtoBuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrBookmarks.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrAudit.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Dom.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\swscale-4.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrAppCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrImagePanel.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\ExportWriters.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnClient.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\pthreadVC2.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\VmsPlayerApp.exeJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\IfSoap.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Runtime.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libxml2.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libgfortran-3.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaCodec.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libprotobuf-2.3.0.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnSys.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaProtobuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnClientProtoBuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\NetProtoBuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Rendering.Gdi.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaRendererWpf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrViewWindowCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\msvcr120.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeFile created: C:\Users\user\AppData\Local\Temp\ckz_5KZN\avfilter-6.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libssl-1_1.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrAuditCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_iostreams-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Dev.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnStor.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\EagleClr.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrApp.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\d3dx9_34.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrResources.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_serialization-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaPipeline.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\ClientEntry.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSetup.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaProcessor.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libquadmath-0.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GEISDK.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\DevProtoBuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\xerces-c_3_1.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\EagleProtobuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrMaps.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrViewWindow.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSystemTree.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\avformat-57.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SoapCommon.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_log_setup-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\NetCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrDirectory.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_chrono-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Eagle.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SSPI.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Css.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSearchCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Data.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_zlib-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\freetype-6.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\EagleCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\swresample-2.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_thread-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaRendererHardware.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrFormsCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libopenblas.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\NetClr.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_log-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_filesystem-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libgcc_s_sjlj-1.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\If.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\avutil-55.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\icuin44.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Io.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\openh264.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\vrllite.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\avcodec-57.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Model.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaCore.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_date_time-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\msvcp120.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\vccorlib120.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libcrypto-1_1.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Rendering.Wpf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.Input.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaExecutor.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_random-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrBase.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\fisheyesw.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\NetCore.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrImagePanelCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\msvcp80.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Converters.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Core.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\opus.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\icuuc44.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaRendererSoftware.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrWpfBase.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrForms.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\zxcvbn.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrMapsCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSearch.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSetupCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaRendererAudio.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnSysProtoBuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\protobuf-net.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\icudt44.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\IMV1.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrTimelineCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\AnalyticsProtobuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_system-vc120-mt-1_62.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.Data.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.DataVisualization.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\msvcr80.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnStorProtoBuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrBookmarks.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrAudit.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Dom.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\swscale-4.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrAppCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrImagePanel.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\ExportWriters.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnClient.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\VmsPlayerApp.exeJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\pthreadVC2.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\IfSoap.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Runtime.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libxml2.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libgfortran-3.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaCodec.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\libprotobuf-2.3.0.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnSys.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaProtobuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnClientProtoBuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\NetProtoBuf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Rendering.Gdi.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaRendererWpf.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrViewWindowCs.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\msvcr120.dllJump to dropped file
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ckz_5KZN\avfilter-6.dllJump to dropped file
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.325675397.00000000029FD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: xvmcidct
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.325675397.00000000029FD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: yuv420pyuyv422rgb24bgr24yuv422pyuv444pyuv410pyuv411pgraygray8,y8monowmonobpal8yuvj420pyuvj422pyuvj444pxvmcmcxvmcidctuyvy422uyyvyy411bgr8bgr4bgr4_bytergb8rgb4rgb4_bytenv12nv21argbrgbaabgrbgragray16bey16begray16ley16leyuv440pyuvj440pyuva420pvdpau_h264vdpau_mpeg1vdpau_mpeg2vdpau_wmv3vdpau_vc1rgb48bergb48lergb565bergb565lergb555bergb555lebgr565bebgr565lebgr555bebgr555levaapi_mocovaapi_idctvaapi_vldyuv420p16leyuv420p16beyuv422p16leyuv422p16beyuv444p16leyuv444p16bevdpau_mpeg4dxva2_vldrgb444lergb444bebgr444lebgr444beya8gray8abgr48bebgr48leyuv420p9beyuv420p9leyuv420p10beyuv420p10leyuv422p10beyuv422p10leyuv444p9beyuv444p9leyuv444p10beyuv444p10leyuv422p9beyuv422p9levda_vldgbrpgbrp9begbrp9legbrp10begbrp10legbrp16begbrp16leyuva422pyuva444pyuva420p9beyuva420p9leyuva422p9beyuva422p9leyuva444p9beyuva444p9leyuva420p10beyuva420p10leyuva422p10beyuva422p10leyuva444p10beyuva444p10leyuva420p16beyuva420p16leyuva422p16beyuva422p16leyuva444p16beyuva444p16levdpauxyz12lexyz12benv16nv20lenv20bergba64bergba64lebgra64bebgra64leyvyu422vdaya16beya16legbrapgbrap16begbrap16leqsvmmald3d11va_vldcuda0rgbrgb00bgrbgr0yuv420p12beyuv420p12leyuv420p14beyuv420p14leyuv422p12beyuv422p12leyuv422p14beyuv422p14leyuv444p12beyuv444p12leyuv444p14beyuv444p14legbrp12begbrp12legbrp14begbrp14leyuvj411pbayer_bggr8bayer_rggb8bayer_gbrg8bayer_grbg8bayer_bggr16lebayer_bggr16bebayer_rggb16lebayer_rggb16bebayer_gbrg16lebayer_gbrg16bebayer_grbg16lebayer_grbg16beyuv440p10leyuv440p10beyuv440p12leyuv440p12beayuv64leayuv64bevideotoolbox_vldp010lep010begbrap12begbrap12legbrap10begbrap10leunknowntvpcreservedbt470mbt2020smpte428-1linearlog100log316iec61966-2-4bt1361eiec61966-2-1bt2020-10bt2020-20smpte2084arib-std-b67gbrycgcobt2020ncbt2020cunspecifiedleftcentertoplefttopbottomleftbottomrgb32bgr32le%s%svaapiname nb_components nb_bits%-11s %7d %10dbeyuvjxyzpixelutils support is required but libavutil is not compiled with it
      Source: AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.323502368.00000000029F5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Screen Codec / VMware Video
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_0043232C LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0043232C
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_00430B40 SetUnhandledExceptionFilter,0_2_00430B40
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_00430B52 SetUnhandledExceptionFilter,0_2_00430B52
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
      Source: C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exeCode function: 0_2_0042D2C5 GetVersionExA,GetEnvironmentVariableA,GetModuleFileNameA,0_2_0042D2C5

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid Accounts1
      Native API      		Path InterceptionPath Interception1
      Deobfuscate/Decode Files or Information      		OS Credential Dumping1
      Security Software Discovery      		Remote Services1
      Archive Collected Data      		Exfiltration Over Other Network Medium2
      Encrypted Channel      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts2
      Obfuscated Files or Information      		LSASS Memory3
      System Information Discovery      		Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe2%VirustotalBrowse
      AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe2%ReversingLabs

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Temp\ckz_5KZN\AnalyticsProtobuf.dll0%ReversingLabs

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      https://blue.avigilon.comY/GuiClrSetupCs;component/cloudsetupview.xaml%AudioSetupPageText0%Avira URL Cloudsafe
      http://activate.avigilon.comAGuiClr.Setup.LicensingDialogBaseCGuiClr.Setup.LicensingRequestDemom/Gui0%Avira URL Cloudsafe
      https://blue.avigilon.com$Setup/MediaServer/0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      No contacted domains info

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://www.winimage.com/zLibDllAvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.365069060.0000000002A81000.00000004.00000800.00020000.00000000.sdmpfalse
        		high
        http://www.winimage.com/zLibDll6666666666666666jjjjjjjjjjjjjjjjAvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.365069060.0000000002A81000.00000004.00000800.00020000.00000000.sdmpfalse
          		high
          http://activate.avigilon.com./PublicLicenseInfo/siteAvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://schemas.telerik.com/2008/xaml/presentationAvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.414670737.00000000029FC000.00000004.00000800.00020000.00000000.sdmp, AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.401850011.00000000029FF000.00000004.00000800.00020000.00000000.sdmp, AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.427255969.00000000029F3000.00000004.00000800.00020000.00000000.sdmp, AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              https://blue.avigilon.comY/GuiClrSetupCs;component/cloudsetupview.xaml%AudioSetupPageTextAvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://icu-project.orgAvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.445852544.00000000029FF000.00000004.00000800.00020000.00000000.sdmp, AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.444978440.00000000029F6000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                http://activate.avigilon.com/activation/activate_autoshttp://activate.avigilon.com/deactivation/deacAvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://activate.avigilon.comAGuiClr.Setup.LicensingDialogBaseCGuiClr.Setup.LicensingRequestDemom/GuiAvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://blue.avigilon.com$Setup/MediaServer/AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe, 00000000.00000003.429990990.00000000029F1000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		low

                  World Map of Contacted IPs

                  No contacted IP infos

                  General Information

                  Joe Sandbox Version:35.0.0 Citrine
                  Analysis ID:694545
                  Start date and time:2022-08-31 23:33:08 +02:00
                  Joe Sandbox Product:CloudBasic
                  Overall analysis duration:0h 10m 54s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Sample file name:AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                  Number of analysed new started processes analysed:16
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • HDC enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Detection:SUS
                  Classification:sus26.troj.winEXE@1/179@0/0
                  EGA Information:
                  • Successful, ratio: 100%
                  HDC Information:
                  • Successful, ratio: 7.1% (good quality ratio 7%)
                  • Quality average: 78.3%
                  • Quality standard deviation: 20.8%
                  HCA Information:
                  • Successful, ratio: 97%
                  • Number of executed functions: 20
                  • Number of non-executed functions: 60
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Adjust boot time
                  • Enable AMSI

                  Warnings

                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                  • Excluded IPs from analysis (whitelisted): 23.211.6.115
                  • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, eudb.ris.api.iris.microsoft.com, store-images.s-microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                  • Not all processes where analyzed, report is missing behavior information

                  Simulations

                  Behavior and APIs

                  No simulations

                  Joe Sandbox View / Context

                  IPs

                  No context

                  Domains

                  No context

                  ASNs

                  No context

                  JA3 Fingerprints

                  No context

                  Dropped Files

                  No context

                  Created / dropped Files

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\AnalyticsProtobuf.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):614400
                  Entropy (8bit):6.548687206658663
                  Encrypted:false
                  SSDEEP:6144:uNzx8oo6ZFVlwB3l48fnaiaQ3BVnhWTe3V1ulaiKpVO/BK:uNzxI67VlwB3lBXYJ
                  MD5:3D7370B7B752466B925F0A86589F7D0F
                  SHA1:65B780DC2D295C5991F922DBDB370CEB3691C832
                  SHA-256:231AA7D2FC3BAF8E12792177BB302D743A16872158F2AD995EC574E7AE757D9F
                  SHA-512:F4C7FD376AAE7906631ADA9F53B08115C747C0C3C9D084BD79601AF93A554F3FA23C9C6E56EEABF7F0662E660797C1B8BA0A51F2CC3EC5B8608316A9C2C8AA00
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............c..c..c....c....c....c....c.XG...c.0&...c..b.M.c.0&...c.0&...c....c.0&...c.Rich..c.........PE..L......[...........!.....,...6......g........@............................................@.........................pH...j......d.... .......................0...k......................................@............@...............................text....*.......,.................. ..`.rdata.......@.......0..............@..@.data...............................@....rsrc........ ......................@..@.reloc...k...0...l..................@..B................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\ClientEntry.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):278016
                  Entropy (8bit):6.141934400462276
                  Encrypted:false
                  SSDEEP:6144:LAz+AJJ4/5mfwTJ3BL2uvj7vPmGo6GoY:LAPJJs5mqFeAGoY
                  MD5:0B788D110561957707DE1CDBE22BA49D
                  SHA1:46E45955B7ACA705D8BB091878D20A796A91E3E3
                  SHA-256:D76FDE94E9B43E483CD00136B417A8456D5A565EA663D5020ED2B5FBF003A7F2
                  SHA-512:DDC57C65A2CDE9A998D4DFF4E0028F1884FAEBD9CFADE6D2D2056D67F3661DB8F94D8366B52FD5C36DA082BE84CDE30620B79A001EA98A82BADE81BEFA39C8E8
                  Malicious:false
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]................ ......................."......s4......."...............................#.......$.......!.....Rich............................PE..L......[...........!................S;....................................................@.................................<........0.......................@...5...................................^..@...............X............................text............................... ..`.rdata..pd.......f..................@..@.data...,...........................@....rsrc........0......................@..@.reloc...5...@...6..................@..B........................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnClient.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):19531776
                  Entropy (8bit):6.424057242481078
                  Encrypted:false
                  SSDEEP:196608:9REf6ZwcwjMVFtkU3tKGgE4hcWLiMLDcjXMHZZD/K7b3:3+66jMylLnckZlK7b
                  MD5:15A48E50BDEF23BE94DC0A408D3C9AF1
                  SHA1:953C4CC60E2E5B0A6B1528BD34F149FBFBD047CB
                  SHA-256:237446104F608E2257172C4C9D7C4DBB768215B5A34E34B1DB0761AB24226A55
                  SHA-512:4B7BA72D0CE9659FF2603BE023E42E81788EB80D5121E506816E4A9905ABB5C5F3BFCCC0A9BB05B7B849EE9A9ECABF91B90AFC838A75FE0D7E7EDCD43B4B325A
                  Malicious:false
                  Reputation:low
                  Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$...........................0.............1....kg.......N..........u......u......u......kg.......1....kg...................5......1.........................Rich...........................PE..L...x..[...........!.........rO...............................................*...........@..............................@..PY..H....@.......................P..T*...L..8............................"..@................B...........................text............................... ..`.rdata....3.......3.................@..@.data...L........T..................@....rsrc........@......................@..@.reloc..T*...P...,..................@..B........................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnClientProtoBuf.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):288768
                  Entropy (8bit):6.541589928333761
                  Encrypted:false
                  SSDEEP:3072:UWUYxdh9Blk2Zsq/T2cpO3j66666666666666666666666mSwFjBuuuuuujhgUPh:7bxdh9nsQojrQW+5/8ZnylbKUc/
                  MD5:6F852388AA74E01471B7D1F7854C4A05
                  SHA1:CD03183E12C0A2DD5D8BB9C9276474EDEB904C00
                  SHA-256:A982663E749BD93B0022AB1DA7AB38CBCE04913DD324938AD699348794B9D792
                  SHA-512:5255B95B7EAF8F6EC12980E7AEBD7B9F46ACE5771CF54B3FFFA9A1825E7BC4E08BD758EAA57119D0A3F919A7A43CEF9EBC9C8FE4BC318C75EAC7130E375A3B4D
                  Malicious:false
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........`.-...~...~...~.S.~...~.S,~...~.S-~...~.S.~...~j..~...~...~...~...~...~..)~...~...~...~.S.~...~...~...~Rich...~................PE..L......[...........!................Cx....................................................@..........................T...............P.......................`...1..................................X ..@............................................text............................... ..`.rdata...f.......h..................@..@.data...4....@.......*..............@....rsrc........P.......4..............@..@.reloc...1...`...2...6..............@..B........................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnStor.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):4470272
                  Entropy (8bit):6.431315106013112
                  Encrypted:false
                  SSDEEP:98304:PraebigO+aJmc7eA7TMZiNFR657w57q57d570qqq:PraebigO+an7eA7TMAL
                  MD5:50F5DDA0763603E1110EE984E9147CF4
                  SHA1:2FF6B05E4117E47CC05EE15D4DF75BAA4EA06838
                  SHA-256:F5C32B05AFE04D5D4D087B8A172E696CB9C5DB7E2055CA347FF69D9CAA2C68AF
                  SHA-512:98BC80E406078BBCF0FD86BB055D82F2FDA7E28E391EDD349E081921ED8C84CAFACD894CDEECB98F202122165CA3723B11991B81315F66BE37C8A1065551F045
                  Malicious:false
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6'.RrFz.rFz.rFz.....zFz.....~Fz.....vFz.....zFz.....sFz.....tFz....WFz.rF{..@z.....Fz....sFz.....sFz....sFz.RichrFz.........................PE..L......[...........!......3..H........-...... 3...............................D...........@...........................;.....|.>.......A.......................A.4....F3.8...........................H.5.@............ 3..............................text...4.3.......3................. ..`.rdata...Y... 3..Z....3.............@..@.data....+....@......b@.............@....rsrc.........A......tA.............@..@.reloc..4.....A......vA.............@..B........................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnStorProtoBuf.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):160768
                  Entropy (8bit):6.509994773698355
                  Encrypted:false
                  SSDEEP:3072:RNpRy9eabwmLLLLLLLLPZAW0J+DKeCbZL:PpA9eemvwKe6
                  MD5:172338DF6F6C2193C45172C4827E94E6
                  SHA1:B70456775FE70ADEF9D74D536A863B608D1A72AA
                  SHA-256:18F6CCAD7870769924FE6137D45F05FB2DDDBBD56D078AABEDB4AA6B307FAD95
                  SHA-512:5B9DE67B996133679A98858288F751DDE1D145AD457748A44E6EB59EC90A3DEAFE8F019D81C7E7BBFDD5C57F2655D90212927DE83F50FA5160223C61D317E76C
                  Malicious:false
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+..`o..3o..3o..3bL.3n..3bL.3c..3bL,3k..3bL.3j..3..:3m..3.,3h..3o..3...3..3m..3.-3n..3bL*3n..3./3n..3Richo..3........................PE..L......[...........!.........d.......]....... ............................................@.........................@a......D........p...............................................................D..@............ ..H............................text...$........................... ..`.rdata..$?... ...@..................@..@.data........`.......T..............@....rsrc........p.......X..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnSys.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):17543680
                  Entropy (8bit):6.546085406135151
                  Encrypted:false
                  SSDEEP:393216:+GXatJ8TUpysFLram0NrC1vglbjdLl/jQM:+GXyCTUpysFLram0NrCdeldjQ
                  MD5:7C28A396387102B5767972309D4895E2
                  SHA1:6DBF000819B73D7549AF0202150EEF16D0D224EA
                  SHA-256:13CB4C4B584A22886AD386ED81BD02864539113B07E1FCB01EEDE63D12086173
                  SHA-512:B608CEBBC0D94BC3FA7C275A11ABD3196876EB5E1DEEC0879F1E2A7414149D85AC14DCC26BD4B44233737A9C5DB0D04533D6EDC32AEF2A46C9ED967388E313B9
                  Malicious:false
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._.Y...7S..7S..7S.?.S..7S]..S..7S...S..7S...S..7S...S..7S...S..7S.?.S..7S.^.S*.7S..6S}.7S...S..7S..7S..7S.^.S..7S.^.S..7S...S..7S.^.S..7SRich..7S........PE..L......[...........!.........6^......+.......0............................................@.......................... ...<..,].........................................8...........................@:..@............0...v...........................text...&........................... ..`.rdata....K..0....K.................@..@.data...d...........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\CmnSysProtoBuf.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):10774016
                  Entropy (8bit):6.653908487184106
                  Encrypted:false
                  SSDEEP:49152:CvFVllumoTQuJF4q6a59jB/jpljkUYSHSSQh1BaAA:CvjlYZTQuJF4qxlpljkUYSHSSa
                  MD5:71C287955C9A147AB73A4CEC881ACDB8
                  SHA1:4773F0A28D4CA514CA0AC36F45A653A336902A8E
                  SHA-256:9B67D473B34961CA7DB3800A90DD794FC071379238A1EDFC7A7B192C07FA6935
                  SHA-512:4964E0F04FF6C4BA8A13E7541454DD9B2486239781D1EA708CD6C689F9DF245AF14689F32361C8A80404D463A2FA53AAF94BEF2C409D1255DD1A0EED13DA0709
                  Malicious:false
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........K..C*.C*.C*.Nx..A*.Nx>.O*.Nx..G*.Nx?.F*.....A*.....H*.C*..(...;..*.....B*.Nx..B*.....B*.RichC*.........PE..L...b..[...........!......B...a.....k.........C..........................................@...........................T.I.F........................................................................`.M.@.............C..............................text...{.B.......B................. ..`.rdata..vNY...C..PY...B.............@..@.data....y...P...>...D..............@....rsrc..............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\Dev.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):617984
                  Entropy (8bit):6.340358039845468
                  Encrypted:false
                  SSDEEP:6144:/LB6r/hOKBFxdYxVCvOdZE4jrqTI/8SYgbEZnSDQSn8Nuuhc:DArpOKBFcSAZbEMRcg0
                  MD5:B13901157AEB2A45AFFAE77E29C454E8
                  SHA1:7D82735F64BD95DCFF1C3DF6EB05973DF80C3CD0
                  SHA-256:9355BCE0B1F86E9EC88B39CA5416514D2E0249BCF9934109904ABDEF2D886E3F
                  SHA-512:C75E465701E35E49A8D7D8C56BCD3180F1F6DE26466C5F011735E62197D8118F5E42EE2838E8F5D54CD1F1FFD7629DA7177A2A03FA0487512E9030903D4482A1
                  Malicious:false
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............................6.............7....+6.....CW........o..CW7....CW............CW.....Rich...................PE..L......[...........!.....L...&...............`............................................@.........................PP..1=...........0.......................@..|V...g..8...........................8...@............`...............................text....J.......L.................. ..`.rdata.......`.......P..............@..@.data...t,.......&..................@....rsrc........0......................@..@.reloc..|V...@...X..................@..B........................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\DevProtoBuf.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):229376
                  Entropy (8bit):6.490386479112704
                  Encrypted:false
                  SSDEEP:3072:CIFAYrgYEyVy3OHzFFFFFFFFFFFFFFFFFzYwYVVVIX8drmMzB0J++KoXo:rvrgoX8dt6dKo
                  MD5:98BCDB3C317BA5F705E098E98A4F69AB
                  SHA1:49B7A34A70E13FBC429828419388ACE14A3A371F
                  SHA-256:60E53BBB3BED6B721C5FECE9248D903792AE23EE01CB2B7E62CCD39ACBE0EAE8
                  SHA-512:1F4649D50EFAB982277EE8C34D19980ABF757B6E2F476BB4A4A235E52F5946ABC86336AA5FB37892313C0A816FF6A64F9E3FE16FD2C5F0993B964EBA6B1F68C8
                  Malicious:false
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........4...Z..Z..Z.....Z.....Z.....Z.....Z.N+...Z.&J...Z..[.Q.Z.&J...Z.&J...Z.....Z.&J...Z.Rich..Z.................PE..L......[...........!.....r..........yz....................................................@.........................@....E...,..x................................%......................................@............................................text...tq.......r.................. ..`.rdata...............v..............@..@.data...d....p.......P..............@....rsrc................X..............@..@.reloc...%.......&...Z..............@..B........................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\Eagle.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):4305408
                  Entropy (8bit):6.583187966685266
                  Encrypted:false
                  SSDEEP:49152:GuzfqRLz7BuKSfkAjBgF759xB2M44I4GcownmGZQqTfiVmAj2LV+dFbsn:5zyR7BuKcBI84Bown7+dnj
                  MD5:1221B9744DFA00540387361E1D3CC301
                  SHA1:7D02FD843E10B69EA8E442CF61C2151FC9378C5A
                  SHA-256:F00114F94349F19947FB6F1CA54B81CC89773F7AAC698A24CA1FE7CE50418FC7
                  SHA-512:DBAA3A42C0BBFA70E455303D524AC9184E765A23DA25FE1ED5B0463EDC80D02C695CEEEE825FF26C285ABA18290BFCEB1FACCA02BF2EF0AE5EBA364B091E1D12
                  Malicious:false
                  Reputation:low
                  Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...........A...A...A...L.s.M...L.L.L...L.q.E...L.M.F....X|.@....9L.T....9q.]....Xg.f...A.........2.G...A...y....9M....9p.@...L.w.@...A.;.@....9r.@...RichA...................PE..L......[...........!......+...........&.......+..............................`C...........@..........................F8.....pJ<......`@......................p@.....`.+.8.............................3.@.............+.d............................text...4.+.......+................. ..`.rdata...T....+..V....+.............@..@.data...TG....=.......<.............@....rsrc........`@.......>.............@..@.reloc.......p@.......>.............@..B................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\EagleClr.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1117696
                  Entropy (8bit):6.336937491616878
                  Encrypted:false
                  SSDEEP:24576:TmPlheEPloSmEi93/B2zoLDgsxye0NmFTz8o7RYpUgyZRjG/riJpMQrUOQOiO1jX:TmWEPloSmEi9JCongIz8o7RYpUgyZRjZ
                  MD5:839A6D54C7D8B0959C4102571E831EE5
                  SHA1:DE170EDD72924696B81E9B1A2031F0D6A00FA5B3
                  SHA-256:D0877878AD929CCCE1F6F6E0EDEAF0833E935CF7E082808EFC4AE430E964599B
                  SHA-512:710A015406C8AA4DECF776A90D104174805B39CEF7EA60210B0A013AF393B7BF8776BF0728E3D29D30124687CF3E800AD6F407343559347F5E16B085ADB0F686
                  Malicious:false
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................+.....D.Y.......g.......X.......e.......Y.......e......ss...............Y.#.....c.......f.....Rich....................PE..L......[...........!................V*.......................................@............@.....................................................................$L......8..............................@...............<...........$...H............text............................... ..`.rdata..............................@..@.data...(e...p...\...b..............@....rsrc...............................@..@.reloc..$L.......N..................@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\EagleCs.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):65536
                  Entropy (8bit):5.800071021676295
                  Encrypted:false
                  SSDEEP:1536:L1iZf5Aj8wAz0EMjczOc9lb2rKAcD/gzTulv:Lo1CAwHoxUUX
                  MD5:C8DC7A02D6F322F5C7C538C38ED595B5
                  SHA1:00074ED66627E0CCB15A9D8B4F8EB1B3F5EB6602
                  SHA-256:D36AEF3CD0668CC2D7308B2B756D993A961A077CF4FC1AB4C6C659E51421712E
                  SHA-512:AE1B7869D4F6AA034051F418E270EF61C54DBA53C497BA77F8DE2E6F62E0E4C1D0CF2E534E6AD88C50EDB7C53D70C4FA517551758EA67A84E58A0C4CC31FB95A
                  Malicious:false
                  Reputation:low
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......[...........!..0.................. ... ....... .......................`............`.....................................O.... .......................@......d................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......<u..(.............................................................s....}.....(....../......}......}....*.0..9..........}e.....(....}d......}c....{d........(...+..|d...(....**.{.......*.0..S..........{..........(.....{....(...+,..{....o.........{.....X}.......,..(......,...o....*.........3>.......0..h........{..........(.....{....o ....+...(!...o".....(#...-......."...o......{....o$.....{....}.......,..(.....*.........6..........T]......nr...ps%.........(...+.....*.0..

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\EagleProtobuf.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):146944
                  Entropy (8bit):6.4546942647294845
                  Encrypted:false
                  SSDEEP:3072:bm678u5fT76QHu/9eeeeeeeeeeeeeDttt0VKkRxRpQ4u0kxYJ6vO/kyvHtVTYhIL:N78uF6xx/kyvHtVTYhI9EiXcGnjdwD9A
                  MD5:DAACC3335E08C1667D55BB1F70E3F40D
                  SHA1:85CBBC311F22C379D15921495527191FD1F32659
                  SHA-256:2C8CA48C2D853BC0D4D2877D532559ECFF4506E274C7F6B9E6E0F86C6E19DA69
                  SHA-512:E9DC3904BA68152A002DE653F731C7C818500B1F6617921AC177FCA0231AAFA7BE5D29D863EA503AB45437C2ACEDAB0DCB9E3CD93B065A1E1FE33769866A4F60
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................P....o....n....R...F.D....mR.....S...mj....mS....T....mQ...Rich...........PE..L...v..[...........!.........X......KC....................................................@..........................E..*.......d....P.......................`......................................`)..@............................................text............................... ..`.rdata..@0.......2..................@..@.data...$....@......................@....rsrc........P......."..............@..@.reloc.......`.......$..............@..B................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\ExportWriters.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):973312
                  Entropy (8bit):6.468142013615123
                  Encrypted:false
                  SSDEEP:12288:ujVsxOvL9nTMtTv45n+l9xWWm4lG6lp7IQX0T7B4YhssE1kTk6G5TdnYmh:20tTvC+l2UG670T76YhsshTk3Xh
                  MD5:B1F57C0464F594B1F2B6E0A15F03BD29
                  SHA1:37E0E9CC370A6DFBE224EBD4ABE6CEF19F15556C
                  SHA-256:7012ABCF17A764C6FB77FC062D7462E82C9D864BA5CE7343B5D2B319C59A6C60
                  SHA-512:9F09E6AC54703F5D0A3160E1EF2672A308EF8C32F909A86E58F30AF7536677D56ADFCEDD26F99C871397DF28D76758821B446FE81B3934B994FBF82A2E232E17
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v...%...%...%...%...%..'%...%..&%...%...%...%wV.%...%.7'%...%.7.%...%...%@..%.7&%...%.7.%...%...%...%.7.%...%Rich...%........................PE..L......[...........!.....b...z......p........................................ ............@..............................^..............................................8...............................@............................................text....`.......b.................. ..`.rdata...U.......V...f..............@..@.data...............................@....rsrc................R..............@..@.reloc...............T..............@..B........................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GEISDK.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):2077184
                  Entropy (8bit):6.637072531800548
                  Encrypted:false
                  SSDEEP:49152:MABAZx0DkhEWKm+NChFNd7CU7SzaxYqdL4vq4r2Umzso2s8j1lJoZWQjKa:f6x0Dkhwm+ohTdGU7SzaxYqt4i4hmAo/
                  MD5:68666808C0E427B115C632E19C8970B9
                  SHA1:E2FBA1373BB8FFC35802B17133B7519E8ED4C75A
                  SHA-256:1FED31AC3795C47D07F00AEAEBF6AC3658A96F79AA5AEB26F6C948425BE9A81B
                  SHA-512:0831677DAD33F615B7ABFFCC815E7DDB63AFF6F37B96D5B05E8050BA6E94FEDDF6A2C2A6D49FE46ED8C146F64B8B70FE542080522E013068A27841F34C47F605
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^................o.......s.......t......@i.#....@].......d.<...=...........T....@\.....@X.N....@l......@m......@j.....Rich............PE..L....r.W...........!.....r...<...............................................` ......f .............................p.......x........@..0A......................L....................................'..@............................................text....q.......r.................. ..`.rdata..Po.......p...v..............@..@.data....7..........................@....rsrc...0A...@...B..................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrApp.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):7381504
                  Entropy (8bit):6.436536932386259
                  Encrypted:false
                  SSDEEP:49152:zw16dJPi5jZj7EbxKENVntkoBy5IiQ07sTRfdtUw+AynBGC7Rqgzgq/JlIZO3YmT:r06xKENfkBIKsyaQXfnF
                  MD5:0BFBCD70678C80FF8480215E6C834777
                  SHA1:9A59A6CDED4DC711BFE517999477859852B746A8
                  SHA-256:C49E12110A785066ABA13F65C245F5FE2A4B74C726F71289484EA2AA58BE4FDA
                  SHA-512:9CA9CF4D07C94BA031106BFD63171DE249F79EACE78ECE590A20D15AE00C48532F0E2786E659AEBBA44D2F43FAF65062835E7322BB204E1D324A5E317E8AD0DE
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w..p3..#3..#3..#-.]#1..#u./#5..#>..#0..#>..#?..#>..#7..#>./#6..#...#7..#.k.#(..#3..##..#.k/#...#.k.#2..#>..#2..#.k.#2..#Rich3..#................PE..L...<..[...........!..........U...............................................q...........@..........................:j.....h?j.|....Pp......................`p..a......8...........................@...@...........................t...H............text...q........................... ..`.rdata....P.......P.................@..@.data.........l.......l.............@....rsrc........Pp......>o.............@..@.reloc...a...`p..b...@o.............@..B........................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrAppCs.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):216064
                  Entropy (8bit):6.150509986023006
                  Encrypted:false
                  SSDEEP:3072:jlEsxvcw9DrDVGfX+82so8f5tbHSijMGOIlwQydtq+YQfCqg:xEGc2DycsfLyiQIl4t
                  MD5:CE80F7147052CEC0992D6B53B86A25B5
                  SHA1:3F9C7AE7F89A8A788F4F2325307FE6493BE6BCB8
                  SHA-256:9A2CCB8FB91B9F2E89DBB2938C88551A1732B6B6413A0FA6A30D92706B09F8FB
                  SHA-512:AFBFE7F3C1E77967D0B3E43BC323B3D7C4646BC76C4D902EDACA8286315DFE2F20D619B1DF17B3D6EC9D795DFE2135EDAB540D54D7F59F61E402F8B8D6008E3B
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......[...........!..0..D..........Bb... ........... ....................................`..................................a..O....................................`............................................... ............... ..H............text...XB... ...D.................. ..`.rsrc................F..............@..@.reloc...............J..............@..B................$b......H............................b...........................................0..i........s)...}.....s)...}.....s)...}.....(*........(+...(,...(...+(...+....X.....}......+..{.....s.......X...1.*.*..0...........{..........,4.{.......o/...,...X..{......o0...+G...{......o0...+6.{.......o/...,&..3....{.....o1...&+...Y..{......o0....-.*.{.....61.{ ......o2...,.....J.{ ....o3...&*.{ .....o4...*s5.....s5......,....o6...+....o6.........(....*v........*....(....*....(....*..E..............

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrAudit.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):948736
                  Entropy (8bit):6.307592885682749
                  Encrypted:false
                  SSDEEP:24576:GLAuvQv/NPE/SmO7R3Ye0IBKagOZQyLJIP1dr2ujWstGCpl+4QwV2B:GL/Qv/Nc/SmO7R3Ye0IBKagOZQyLJIP+
                  MD5:C18BA76AB4CA36540DAD64D05F723C92
                  SHA1:FD0B04153E690ED2CFAF079D608888C338ECE109
                  SHA-256:0081091F6D6FFD7E5201BDFACA091D61BADB8006CDD531EC05E2100E7ED3A1EC
                  SHA-512:D4CAA29811E545C84EFCDC8DCA273FF9F0A8D0203E35070546B3ACAC97A31F67361D000AB10A21622F75D310FEBAE642297F18F30A996111916240218C454510
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k............X`.....[.....X.....X,....X.....X............t.8..................X(......-....Rich............................PE..L...~..[...........!.....H...6...............`............................................@..........................................`.......................p...B...d..8...........................0l..@............`..............Hd..H............text....F.......H.................. ..`.rdata......`.......L..............@..@.data...x`.......Z..................@....rsrc........`.......4..............@..@.reloc...B...p...D...6..............@..B........................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrAuditCs.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):156672
                  Entropy (8bit):6.046489933367645
                  Encrypted:false
                  SSDEEP:3072:mG1qBSHjAiAbl3BrJLSh0d2MuEH+NfaIgmvhZgjnYIHzRrCwbBsBCHf4eJP52cfs:JMxH+VaIgchW7YIHtrE4f4wFWXAl
                  MD5:0AEB079C7160CC1BE77E0C6C36E9BD33
                  SHA1:71DCF96FC6EC3FA406CED8821663FD3EB593EE9C
                  SHA-256:CDBA8803E941F6F6A06A3F9A58FC20CE331702C3A4DA246478A49FC2020CE1D0
                  SHA-512:4052BFAE6E4F037ACEE4842D34CDF0A23B773C47FB73F75B1B7FB77A98A58840480D5634CF1DC19815E10E4C851BFFE78A8A80AB1490733B559C49A78DC012B5
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%..[...........!..0..\..........Nz... ........... ....................................`..................................y..O....................................x............................................... ............... ..H............text...TZ... ...\.................. ..`.rsrc................^..............@..@.reloc...............b..............@..B................0z......H.........................................................................{....*..{....*V.(......}......}....*...0..;........u......,/(.....{.....{....o....,.(.....{.....{....o....*.*. ... )UU.Z(.....{....o....X )UU.Z(.....{....o....X*.0...........r...p......%..{.....................-.q.............-.&.+.......o.....%..{.....................-.q.............-.&.+.......o.....(....*.0..T........(...........s....(....(....s ...}.....s!...}.....s"...}.....s#...}.....($....(....*

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrBase.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1270272
                  Entropy (8bit):6.3974128005434165
                  Encrypted:false
                  SSDEEP:24576:sTj4QM1z+APkUuxu7OksFXL6mna3i7RegmbeENCVsFr2WiOg1Oxb1Ou7ZvVus1Q+:sTjmXOlwi7RegmbeENCVsFr2WiOg1OxE
                  MD5:1E04E93B962DFF575A3B3625F29941A9
                  SHA1:59A1755184C1F5FE830CFA671E57AF725949E125
                  SHA-256:D1FD7AE5B425683536D409F12D068F200C1C6A4C1E30C5FEC475AF61C08B47CB
                  SHA-512:B246B99EDE39414ACF8F0DA90029EDBAF5081D55930BC49E7819F45E79B1335E80566F943B470FFB2A2A5F62B0BA8AE855FB11937F11204326EA567709A9EFE7
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1.uOP.&OP.&OP.&Q..&MP.&..e&IP.&B.[&LP.&B.d&CP.&B.Y&KP.&B.e&JP.&..Y&EP.&..J&NP.&..O&FP.&OP.&.P.&..e&.P.&B._&NP.&..Z&NP.&RichOP.&................PE..L...%..[...........!.................P....................................................@.................................D........P.......................`..PG......8............................3..@...............................H............text.............................. ..`.rdata..............................@..@.data...xp.......V..................@....rsrc........P......................@..@.reloc..PG...`...H..................@..B........................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrBookmarks.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1122304
                  Entropy (8bit):6.319147480063435
                  Encrypted:false
                  SSDEEP:24576:guuhj635k9LXlEah7RJRIope5grAg6Zhlhfs/CIzF9oLOhdLeW7h7LUGYhJGD/RE:W63+9LXPh7RJRIope5grAg6Zhlhfs/CB
                  MD5:53ADC8A2007983DDC23C8FC03B5AA6A5
                  SHA1:48F29889040289E0D27724D9A3893AA818A98BD9
                  SHA-256:560E94716B2E3B5BF5FF3D0D41250852B83851CB386FB1895CB0F05017827732
                  SHA-512:55CD1952EFC26C8A5DEA0932FA979D51BE3BA51F08DC025123AC66E50DE8CB4466A720FC67E140CD7EA05061C855AADA1207F8D0DEFEC132D3EDA88BD00F848A
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?.+.{.E.{.E.{.E.e...y.E.=..}.E.v..x.E.v..w.E.v....E.v..~.E.....w.E.j..x.E.{.D.E.....q.E.v..z.E.....z.E.Rich{.E.........................PE..L......[...........!.........@.......z.......................................p............@..................................G............................... ...I......8...............................@...............................H............text...I........................... ..`.rdata..4...........................@..@.data....q.......j...j..............@....rsrc...............................@..@.reloc...I... ...J..................@..B........................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrDirectory.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):31232
                  Entropy (8bit):5.67511673415865
                  Encrypted:false
                  SSDEEP:768:xuca9pDKGkoOaAghBKD1eJWvVDw6mmyEjH08R5tRv1tm:xvaDDKGkoQgGcJWDRBhjH0Sbv1k
                  MD5:2AA77A16063DE2E44CE8DA22B086DB89
                  SHA1:779DCFB1AC0FB844119001873BE1193A7788186E
                  SHA-256:0CF809D64C5EEA3192202E107789C3D7E9147189C336E1BA74D806EBE402D940
                  SHA-512:4C94DAC05C5B77833F978AA3FD24349900F56B361BED6B4C7EB8EA0F448E7366AA690AB66353B0A810805909F7713A711BAB84186ACF13033820A6F579C6651A
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......[...........!..0..r.............. ........... ....................................`.....................................O...................................`................................................ ............... ..H............text...xq... ...r.................. ..`.rsrc................t..............@..@.reloc...............x..............@..B.......................H.......,@..4O..........................................................V.(......}......}....*...0............3..r...p(....,.*..}......}.....o......{.........o...........s....(....o......,l...}............(.....{....o........(....}......3:.{.....{...........s....o.....{.....{...........s....o....*...0..H........{....o......{.........o...........s....( ...o......}......}......}....*.0............(!...-..u....-.*.{".....{.....u.........o#......}$...............(%...,.*......uA.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrForms.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1069056
                  Entropy (8bit):6.314744234634978
                  Encrypted:false
                  SSDEEP:24576:OKgsj1XCqFDkdc8fNE1fmRU7R7vevgOZSSVJIq2qAdE2Pr2gBiOiYyC7aQclT88:OKgsj1X2dc8wfmRU7R7vevgOZSSVJIqf
                  MD5:ECFB06F97BD92E65696DBDE5F7F1F3F6
                  SHA1:13D96BC969DA9A6406AC7DFBBB35CD0874B8E597
                  SHA-256:4E1745CF726299D86B093E65AC57FF5999F69B2CC67A97B2CBBE15B0958AB9FB
                  SHA-512:1F626B3A343D772CCB6D39021F51E55DD737EC8A65BACD37FB10B613E0721D558E8A17940F5F6886E49FF85D86EAD4BD6DDDBF8D6E6B2F044729BC34613F27D2
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h....xD..xD..xD.[.D..xD.X.D..xD.[.D..xD.[.D..xD.[.D..xD.[.D..xD...D..xDm..D..xD..yD..xD...D..xD.[.D..xD...D..xDRich..xD........PE..L......[...........!................f=....................................................@..........................................0.......................@...F......8...........................(...@...........................h...H............text............................... ..`.rdata..P...........................@..@.data....w.......n..................@....rsrc........0......................@..@.reloc...F...@...H..................@..B........................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrFormsCs.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):76800
                  Entropy (8bit):6.059329078366789
                  Encrypted:false
                  SSDEEP:1536:Nf5BBJnA1IiJYGI036lVaDoa4K3uhsGDKC3ZL9gHB:bPJIICYGI03Uasa4KuRDKCpL9yB
                  MD5:48B2D294A315D62E5B9E76AB161A0ECF
                  SHA1:582F3914E325B7EF0E073956232404C4BCFEBD35
                  SHA-256:6674E3B08450F449FAAA5ABA374ADB71DB2ED7678B33E118FE745084DAE78074
                  SHA-512:48ED5A53376825BCA3813E23F953A1D59BDEBD95C127BDBA80CE95F0029D12550908F85CD06FACC4686AE206FE3C15ADDD4E2679E3BB6561247D765F4A557FC8
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*..[...........!..0..$...........C... ...`....... ....................................`.................................8C..O....`...............................B............................................... ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............*..............@..B................lC......H........K...w..............x~............................................(....*F.~....(....t....*6.~.....(....*F.~....(....t....*6.~.....(....*F.~....(.........*J.~..........(....*F.~....(.........*J.~..........(....*F.~....(....t....*6.~.....(....*F.~....(....ti...*6.~.....(....*..#........#........#.......?#.......?s....(....*..0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*.*..0..........r...p.....(.........(...

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrImagePanel.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1684480
                  Entropy (8bit):6.396335315579929
                  Encrypted:false
                  SSDEEP:49152:v+bmpt87R7GImsrw+A/gOZ1PeGnppB6fCwCieMCGy+nBreGwKnHCHwwKF/PVseim:85
                  MD5:96AE1541A92A25623C949699949621A2
                  SHA1:848D8A47C8FF904BC67A0B11996234CB3D832A73
                  SHA-256:0BA50B783F1F9230CCA3F15B8C2510C89407BAB5DF69E92D69731A4BE0050E15
                  SHA-512:37E8197D9FD586C9A3D692B423F5E63F8CA6D833F0777FCA03A0F6EEF80B60154DFD8FB900B7B6E5F1D5809BB1852A2F99DABB635E58580EFB069DA1A3102C54
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t..(0..{0..{0..{...{2..{v.q{;..{=.O{6..{=.p{<..{=.M{4..{=.q{5..{..M{"..{.|[{5..{0..{...{..q{>..{=.K{1..{..N{1..{Rich0..{........................PE..L......[...........!......................................................................@.................................,g..,................................m..@...8........................... ...@...............t...........0...H............text............................... ..`.rdata..............................@..@.data...............................@....rsrc................D..............@..@.reloc...m.......n...F..............@..B........................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrImagePanelCs.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):313856
                  Entropy (8bit):6.112185541470815
                  Encrypted:false
                  SSDEEP:6144:o/fCAwtrFnHNJssVSGMxcL/zkN+Mtg1eaWbgVF9:o/fCNnMxckTgz
                  MD5:749D8EAC2D41934C07B36BDE705D9B6D
                  SHA1:9A1D6AE58235867EF1A9BA066FC9CE232D1991A1
                  SHA-256:59D0BE32230B6FFE37715756C92E56B56E9F70D2B96A1B8D244564B8A8439801
                  SHA-512:293C50A13AFD06CA60E44BDC9F0C29319A57A5DE10EF2D264F954EAD55E83CE4DEB9C2DD469B3A5CA56C6C4D512331C2C8B63D6D173FC76C2FA937FCF092DDB9
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(..[...........!..0.................. ........... .......................@............`.....................................O............................ ......P................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......h.... ..............`...........................................>. 4......(....*2......o....*:........o....*.0..,........o....r...p $...........%...%....o....t....*&...o ...*..(!...*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*2.(....o0...*..{....*"..}....*..{....*...{"....{#....{$....{%.........{&...s'...}....*..{....*z.-..{....o(...+...}.....()...*..{....*R..}.....()....(+...*..{....*R..}.....()....(+...*..{....*"..}....*Z.(....,..(....o>...*.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrMaps.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1184256
                  Entropy (8bit):6.371023336414058
                  Encrypted:false
                  SSDEEP:24576:5nzeeHj4Pg9wE7R0ke0I+gyZOU35lIJM+rewEOr2ktrGMZCdNDvEbDsZaQLUHsm:jjME7R0ke0I+gyZOU35lIJM+rewEOr2Z
                  MD5:B5DA1BF610DF157B6EBAD812252F10CA
                  SHA1:77A73D7D97EB9AC3FDDA1A7A7DF601F90D06A026
                  SHA-256:4192F935D0470AE62BC3D0D4C1D7A544845D053B71B5524122D04436F4E3313E
                  SHA-512:E035DF7013A01E70ACAF4636DF4CB8E23D8ED03226B6EB509B880C594EB6C5DBBA7536C48A2D538D007C51EEBEDAFE20FF91083017CE04932760329BDBB7A3CF
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7..;s..hs..hs..hm.ohq..h5..hu..h~.#hp..h~..h...h~.!hw..h~..hv..h.b!h}..h..7hv..hs..hm..h.b.hg..h~.'hr..h.b"hr..hRichs..h................PE..L......[...........!.........h......(O.......................................P............@..................................(..................................4M......8...........................H...@...............................H............text...)........................... ..`.rdata..............................@..@.data....x...p...f...\..............@....rsrc...............................@..@.reloc..4M.......N..................@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrMapsCs.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):50176
                  Entropy (8bit):6.005023965466657
                  Encrypted:false
                  SSDEEP:1536:lxWbdXPSezmv3QVu1Iq0RFWOmDY4MHb/gCSSc4:GbxP3avglsCS34
                  MD5:BF6024D34A61660973C6CB3FA272AFD7
                  SHA1:2A25E592B75C0E3A10B5A704ACF3B3C7988F52C6
                  SHA-256:01545A060CB4606612D244C81795B117171F2DF8E0C1D80FD860C593270B7BBE
                  SHA-512:FA61549598C6E01ABBE3B65E65F6A04A2A7F47A005D40AC62B105DA72ABC78C13CAB6E737845B911172D52D165555BAB44E691BCA342B8B98C05737582AB8B9F
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;..[...........!..0.................. ........... ....................... ............`.................................l...O...................................4................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........D..LQ..........4....D..........................................>. 4......(....*2......o....*:........o....*.0..,........o....r...p $...........%...%....o....t....*&...o....*..(....*.s....&*.(....o....*...0...........s....}.....s....}.....s ...}.....s!...}.....s"...}.....s....s#...}.....s$...}.....(%...(&...o'..........s(...o)...(&...o'..........s*...o+...*..0..=........,2(&...o'.....,$........s(...o,...........s*...o-.....(....*....0...........~-...%-.&~,.........s/.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrResources.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):3387392
                  Entropy (8bit):4.7147636947919205
                  Encrypted:false
                  SSDEEP:24576:vMJIFVb5M6CAq+pgVHSzywQ1TzXUrViL5JW9ZrkbPEYCf:EJIFB5M6Czm0HZTTUr0dJW9ZqC
                  MD5:2F9283856B540F96327D1E94CEAC8386
                  SHA1:75C60DAE40E3B1BCA4BA1C08F47FDC1810D2EFD0
                  SHA-256:A16952279AC9004CBEED8A89E07401D2CC88504B6C51DBCAAD44D26F5A7C059E
                  SHA-512:DABFD9AD159BE0FDDD6CA09B1E0F05A364817B12E60A33D2DE163D686D8A8FE0173127EA8E23DB288C766526C8599CC506387FA0347A825ECB32EC539BA02F77
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................A.......C.....1...................0....x 1...........x .....Rich...........PE..L......[...........!..........3......".......0................................4...........@..................................3.P.....3.......................3.@....................................1..@............0..0...........x0..H............text............................... ..`.rdata..8.3..0....3.................@..@.data...h.....3.......3.............@....rsrc.........3.......3.............@..@.reloc..@.....3.......3.............@..B................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSearch.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1440256
                  Entropy (8bit):6.356687860260191
                  Encrypted:false
                  SSDEEP:24576:YPnuqCajfoccjL386WEdmKeL15T8EIgps6GEyPEGIxaPw5GYb/56M7RGpeCWbx5A:9qCWcuEdmKeLT8EIgps6GEyPEGIxaPw+
                  MD5:AC53586712312F7CC26CF62FF23015E5
                  SHA1:3D5D506A4E17A5F64CEB36AD5463736B740C6D12
                  SHA-256:74DCC73700ADF31ACEB887471502548A4F82609F8FBB4293E81CBC0497305784
                  SHA-512:FDB2182C7990EEE4CFA48596A6F7AD35A84C690EE1857709338AFB4E7D6DA26CF0FFBC455C18B86F1D96DD755EB425CCD4B8213C0CF723FC91986B920D686C91
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w..3...3...3...-.0.1...u.B.5...>.|.0...>.C.?...>.~.7...>.B.6....~.#....sh.0...3...3....B./...>.x.2....}.2...Rich3...........PE..L......[...........!................Vg.......................................@............@.................................4....................................W......8...........................`)..@...............0...............H............text............................... ..`.rdata..............................@..@.data........0......................@....rsrc...............................@..@.reloc...W.......X..................@..B........................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSearchCs.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):426496
                  Entropy (8bit):6.254020900125445
                  Encrypted:false
                  SSDEEP:6144:GrgXNNJvGl73oH3scbwqKRsIHfqu7Y4IkII5CwVDpwJ7LLDpnW:1N3scb/KRsIHDI+
                  MD5:CAAB42096C560944E4B914D0FDD98671
                  SHA1:4206EEA04E4669B4E9920E3A2E2245B57AED52EF
                  SHA-256:2E0FF5BADF121467D647CE990D072C8D4DAA965858F5BCED9C82BB7C3403CA35
                  SHA-512:C1427F39EFC5E42BBA815E6E8EA450155B878F37C590CA7FE423EEA6D798811755AF04B9332F875DED12F2AF126EF7AE36C5FBF6A9CEDF27466FDBB9F70999AA
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..[...........!..0..z..........B.... ........... ....................................`....................................O.................................................................................... ............... ..H............text...Hy... ...z.................. ..`.rsrc................|..............@..@.reloc..............................@..B................$.......H...........(............3...c...........................................0..N.......r...p.....(.........(.....s....( ........r...p.....(.........(..................s....( ........r!..p.....(.........(..........s....( ........r3..p.....(.........(.................s!...s"...( ........rE..p.....(.........(..........s....( ........rW..p.....(.........(..........s....( ........r...p.....(.........(.................s!...s"...( ........r...p.....(.........(............s!...s"...( ..

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSetup.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):5410304
                  Entropy (8bit):6.431676628572653
                  Encrypted:false
                  SSDEEP:49152:8DnrAxTGOTsy4K9EhTeq+T51H8dezy0vRy1W7RY7XAusreyKgyZ2SQJIr1/2ss73:8nk/9zRRD
                  MD5:2A18CA99D927C596150967BF533B9B2B
                  SHA1:C6A4D1ACBF8819830F4EC8BBF987C7A9F4EB4DEA
                  SHA-256:81B44D57CA0EB666292DFB518333ECE0814EE6E9A272FE1BF3C80CD798D425AB
                  SHA-512:9EA6DFA86DAB0E66D59DB9419B2E709910EF39455FDA2C273648D2010E1C451C9234F0A7066E2D5DFCA21019208354988DA68243261C44AA0A95DF6687987057
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............{...{...{...)...{...*z..{...)D..{...){..{...)F..{...)z..{..'.P..{..O.F..{...{...}..O.z.b{...)@..{..O.E..{..Rich.{..........PE..L......[...........!.........z=..............................................PS...........@...................................M......@R......................PR.....`...8...........................H...@...............................H............text...y........................... ..`.rdata...,:.......:.................@..@.data....M....O.......O.............@....rsrc........@R.......Q.............@..@.reloc.......PR.......Q.............@..B........................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSetupCs.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1000448
                  Entropy (8bit):6.136561737909488
                  Encrypted:false
                  SSDEEP:12288:t7M7DhewrxT+iqscGdwcSbf3JQ7ChUp4b4LufqGQcU6QX0r:qD8wescCSDZQ7ChUp4b8ufqGQGQX0r
                  MD5:3E94261B323A068C11BDA451994F1ECF
                  SHA1:4A46F08159E9AE41AFBC7AF24704765C83939ABA
                  SHA-256:227F883133BCD55B676F3E773B97B4E4A73CA799934B633F2806900CECCAB83E
                  SHA-512:B390364DAE00E9479D93F2D34F0696DEA191542CCE8C80D7FFA182253CDA8446906078A899BE26329255D989472EDCBD2F97FAC8BE5A42A4DD38CB1753DEB204
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T..[...........!..0..<...........Y... ...`....... ....................................`..................................Y..O....`..............................tX............................................... ............... ..H............text...<:... ...<.................. ..`.rsrc........`.......>..............@..@.reloc...............B..............@..B.................Y......H.......................$...P.............................................{....*..{....*V.(......}......}....*...0..;........u......,/(.....{.....{....o....,.(.....{.....{....o....*.*. .b.p )UU.Z(.....{....o....X )UU.Z(.....{....o....X*.0...........r...p......%..{.....................-.q.............-.&.+.......o.....%..{.....................-.q.............-.&.+.......o.....(....*..{....*..{....*..{ ...*r.(......}......}......} ...*....0..S........u......,G(.....{.....{....o

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrSystemTree.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):178176
                  Entropy (8bit):6.066331938788203
                  Encrypted:false
                  SSDEEP:3072:/8iyUzW2uqmdrSaSPwxgkWOP+210VnTmj0fa2OLu3P8cPXryKWqa+uvrq0X5fMQY:/vyUafrfIOP+y0VTDHoudiqWMQ5CUJ
                  MD5:5DEEC391A7486C4348D8741E98B5493B
                  SHA1:8FEE9A7C1FB9F689D21A9930C7420F8F9382893C
                  SHA-256:B2D1217C9EB5DFE719177BB10652431269D314FB5806A26F236FB40985A1402B
                  SHA-512:56541E887E8C9D22746C4199677BC2A53E26385046D301303BE9E459B86B3EAAF9049BDA2B0B295065CAD81385B946451772D29B09471A92012D7D80595B9B52
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......[...........!..0.................. ........... ....................... ............`.................................4...O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................h.......H.......H....G...........b...k..........................................>. 4......(....*2......o....*:........o....*.0..,........o....r...p $...........%...%....o....t....*&...o....*..(....*...0..C..........(..... ....(u....{....o......!.{....o....-..{....o(...-...(o...*..0..q........(....o....}.......(G.....(s.....{.....o....(......{.....o....o....}.....(.....(......{.....o....o....s....(....*6.(.....(H...*..{....*...|...........(....(.........(....t....(....(...+(...+(...+&

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrTimelineCs.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):5.664236227605827
                  Encrypted:false
                  SSDEEP:384:cfmbi8Rk94UjfhRdYVMBUxgwlxgZzxgZduBi305xgZIep2WPUUAM7McMrMEilFZh:piD4UjJYVPkc5PJ49IToM
                  MD5:F8B28114DA7D30E39923A333365C243D
                  SHA1:A9A51AF57BBA0D0087B49C9DE1123ADEB4226ED5
                  SHA-256:B9B4EC44457913342AAA528F83AC4F40CEEADBD806E4629B4FF1D410FDF9AA5E
                  SHA-512:C7ADCDB79353B9D4774410EDBEFDA200610E6A0ABBA238FA4AC2B23B23011CBEEDE4814CCAA3027823548FDDD52DC44E92B68735075D31280873EB6F9D84EB26
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5..[...........!..0..H...........g... ........... ....................................`..................................f..O....................................e............................................... ............... ..H............text...$G... ...H.................. ..`.rsrc................J..............@..@.reloc...............N..............@..B.................g......H........&...............=...'............................................~....s....#.......?s....}.....(..........(....(....*..~....s....#.......?s....}.....(......(......(....*..{....*"..}....*F.~....(.........*J.~..........(....*.0...........u......,..o....*....0..K.........(.....(.....(.........3..(........(........(.....Z....( ....l[...l[.#...........(!...#......2@Y.......(!...#......"@Y.....+|.......+6...X........("........(!...(".....{........o#......X......Y2....X....

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrViewWindow.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):2137600
                  Entropy (8bit):6.447981820654159
                  Encrypted:false
                  SSDEEP:49152:JcEksqJAQQtgprj3Pm7RoqgkZ6mgKbeIlqBA0lIXr2Oslhz9cC4sww+ASUOWAcda:Lsrk97
                  MD5:46D0F632D5837880F486B4C2724EA360
                  SHA1:F9664A8E2346E4EDB79349C2BD5E45A4DEDBDE20
                  SHA-256:E2991E7A24BC81D0B6882729067943C7C72B9958DEEF77271A3E26291B5C96DE
                  SHA-512:788DA10960C00C3A79EFC6E6ECDE526AFD9BC273282538136321615BF6CB8E669BDEE08175A922AC1B2F92138745FE363BD801CAFEAEF6970F3CE0B14E289409
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t...0i.G0i.G0i.G.;TG2i.Gv8&G7i.G=;.G4i.G=;.G3i.G=;'G<i.G=;&G4i.G...G i.G..G7i.G0i.G.h.G..&G.i.G=;.G1i.G...G1i.GRich0i.G................PE..L...1..[...........!.....x...B............................................... ...........@.................................L6..,....p ....................... .\o......8...............................@...............L...............H............text....v.......x.................. ..`.rdata...............|..............@..@.data................~..............@....rsrc........p ......, .............@..@.reloc..\o.... ..p.... .............@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrViewWindowCs.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):492544
                  Entropy (8bit):6.111867598311067
                  Encrypted:false
                  SSDEEP:12288:eF0RKrsfM5MkFz626CPil4rNsvbFtxzjgSCcymG6pg1T:FRfM5MkFz626CPil4rNKNCcyapg1
                  MD5:60579FCB872CAA405949328C25BC4414
                  SHA1:F898FA86CD2028C87BF6B8DF2B295530632CADE3
                  SHA-256:EE975EA9105BEC2A3BCC4B76486D45CFBCD538762D7BD97ACC691E90CFF1D68D
                  SHA-512:DB8DDA70E43DCE8127BBE1968F8A45BF93CD40107D845434BFC4688E55BB9BB74342D25A06172886895C79C7508B9C37C43C6F31344959A648CAB529BB3095CF
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..[...........!..0..|..........J.... ........... ....................................`.....................................O.................................................................................... ............... ..H............text...P{... ...|.................. ..`.rsrc................~..............@..@.reloc..............................@..B................,.......H........X..Pw.......... .................................................{ ...*..{!...*V.(".....} .....}!...*...0..;........u......,/(#....{ ....{ ...o$...,.(%....{!....{!...o&...*.*. ..w. )UU.Z(#....{ ...o'...X )UU.Z(%....{!...o(...X*.0...........r...p......%..{ ....................-.q.............-.&.+.......o)....%..{!....................-.q.............-.&.+.......o)....(*...*..{+...*..{,...*V.(".....}+.....},...*...0..;........u......,/(#....{+....{+...o$...,.(%....{,..

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\GuiClrWpfBase.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1294848
                  Entropy (8bit):6.258023505621942
                  Encrypted:false
                  SSDEEP:12288:A1+7j1IWVGmD2UimsOvpLuwxZt35MuuGTZx+OzanxlKtcb9quIO56:q+yKD2Ui7uuGTZx+Oz+xl5b9qu4
                  MD5:246066577FAE5D7187A8031F21BFC4A5
                  SHA1:BEF9205877B379B54D6676D164B41A811FFE46C7
                  SHA-256:96F88C5DD2B1A8711057B11B07C77498903761737AA5D1F0BCE2F7D8BBBB33AC
                  SHA-512:B5842560A3D37463E85568209FD21D6EF8FE66178D85716ED13B4BD39E0743EE01A46BEE55DE87360E164D176C75F587D4170E1D4D6ACBD4A799D278C9E48545
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......[...........!..0.............j.... ........... ....................... ............`.....................................O.................................................................................... ............... ..H............text...p.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................L.......H.......@....Y...........`...w..........................................>. 4......(I...*2......oJ...*:........oK...*.0..,........oL...r...p $...........%...%....oM...t....*&...oN...*..(O...*...0...........sP...}.....(Q....(R...-.r!..p.sS...z..}.....{....sT......oU...}.....{....(V......+.......{......s....oW.....X....i2..{....(X......+.......{......s....oW.....X....i2..........{........(...+ ....(....&sZ......{....([...............(\...o]...t....}......&...{....(....&*........

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\IMV1.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):577536
                  Entropy (8bit):6.700638381487804
                  Encrypted:false
                  SSDEEP:6144:TZnjr6s+gP+6uOE/CmmgcPNzMWau399o5sp3HoI6NByJ7S37AY8FcAOB1mF8w/tP:Nh+gscPNQW8M4IIBQS37UcYjtP
                  MD5:A7C0D953F1957DD2817C5B21F256260E
                  SHA1:22EC7C56972245471C8F4D742C79BBDC38674F6E
                  SHA-256:D044CE487939E382798946C314FEA1D0C6ECFFFB87DD6CA64AE1F217085DDE2E
                  SHA-512:0416E798E044107443CED7C3ACC6C0BBD1C495297AFD10FF333744D50A90DD33910742F3A0273087515138BCDB06412444E3D3B4F2E90FB7C8087A57AABF2BFB
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e...!...!...!....h.......h.G....h.....(..."...!...n....h..>....h. ....h.. ....h. ...Rich!...........PE..L....~.X...........!.....p...P.....................................................&...............................@o......xi..(.......H........................&...................................[..@............................................text....h.......p.................. ..`.rdata..Y...........................@..@.data...............................@....rsrc...H...........................@..@.reloc...4.......@..................@..B................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\If.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):1705472
                  Entropy (8bit):6.604140724794246
                  Encrypted:false
                  SSDEEP:49152:UCtmyiSGUB/POOEyRQtO96FYLzf2gJy+bz:UCtmyiInONFYLL3
                  MD5:86BF989041CB85807AF2D5018A178CA0
                  SHA1:D8F4936090D717B7BC6A3992CF1099CC1D7F9C35
                  SHA-256:48C5E57EE600D51F3F5495400CC48D872EBC059D505052704C944C402FFE8C82
                  SHA-512:8C156C8725213D2EC324D9C5378E9336D0EFF8B30825808BFFC036C85B26E9F0C75D39DE2CE713988AA0BD059A15F7ABCA67F8C548B7FAD9D7541A418192C571
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../R`.N<3.N<3.N<3...3.N<3...3.N<3...3.N<3...3.N<3...3.N<3n..3.N<3.N=3hN<3...3.N<3...3.N<3...3.N<3...3.N<3Rich.N<3........................PE..L......[...........!.........".......o.......................................@............@.............................z...<........p.............................p...8............................q..@............................................text............................... ..`.rdata...$.......&..................@..@.data...4;...0...8..................@....rsrc........p.......F..............@..@.reloc..............H..............@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\IfSoap.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):2108416
                  Entropy (8bit):5.8682196402709685
                  Encrypted:false
                  SSDEEP:24576:7Hqzl0x7b4/SMhflJt8tUml8Id93d8YYXQMz/jHtltTIXDgU2STsQYt9VxSZFtmo:7rDnFYsxwPEx
                  MD5:96846809268A2A780B89E5DB3DE585ED
                  SHA1:4E6FEFED55E2774C42BB9158CF38C49706A39390
                  SHA-256:FB2DDEDB6F76228CC8040537591199AEB16EA25D7761E806621830BD6FA6ED00
                  SHA-512:E0888485C146C69EBA1D1C368FAC455E241510C6A88D498FEB0BA6F1D5976185AF2D124F223AF7977CBFA6A44FB151232699E3E32C5CEF4AAEB4247EF358220B
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o..+...+...+...&.\.)...&.c.'...&.^./...&.b.-...,^. ....MH.)...+...W...,b./...,_.*...&.X.*...,].*...Rich+...........................PE..L......[...........!.........Z......ld........................................ ...........@.........................p...t...p........p..<...........................@...8...........................P%..@............`..p ...........................text............................... ..`.rdata.............................@..@.data................X..............@....idata.......`.......0..............@..@.rsrc...<....p.......4..............@..@.reloc...............:..............@..B........................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\Io.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):317440
                  Entropy (8bit):5.468675230535733
                  Encrypted:false
                  SSDEEP:6144:8wj5FeX7XXXHuz/qfaPR/MKrI2yTMsucoI4:Dj5FeX7XXXI/pLITT3
                  MD5:877101DF94BC7D028D7044116F470FF8
                  SHA1:201AD10F3E5EA55C779CB040F1980884D5E96930
                  SHA-256:906254BE70784144FAF428EEFFF885027154D65DD4F459238947B1B387102F7B
                  SHA-512:6EBFB62B9184303467E15B30B25D63388A33368AD4B2B2D7F130620EFA1D1B8B57142DA3E55D54B6C49A84D4332146098C14AF4620094451419ADF72A408D582
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........9...j...j...j..j...j.$j...j..j...j.%j...jq^.j...j.?.j...j...j...jq^%j...jq^.j...j..j...jq^.j...jRich...j................PE..L......[...........!.....H...................`............................... ............@.........................0....>..H...........<.......................,....j..8...............................@...............H............................text....G.......H.................. ..`.rdata..;....`.......L..............@..@.data...L'...`.......H..............@....idata..q6.......8...d..............@..@.rsrc...<...........................@..@.reloc../4.......6..................@..B................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaCodec.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):18138112
                  Entropy (8bit):6.619764067286958
                  Encrypted:false
                  SSDEEP:196608:iEpDzDY6NOyHBYqL5ChqIFMqrOOUw1V19DgYB8imv/Ime/G2z3Pn8zPmX/oTz9q/:Bp6UYIe/FPn8zPY/oTz9J
                  MD5:C199CB94916581068661A3449FB5FFCE
                  SHA1:408990AD8ECC516DFC9DC6E3DA68BBF880823735
                  SHA-256:C7C5506450D2AE2470719ED831EDF4E1A875FF9D494555F6C9515D7015716632
                  SHA-512:630ACE29F31E87A72713B27F9D59C991A65CACD25A00C04DE97667A7A38D4F1DBF8725FD9F6713ED580EA39F04F7ADC4008B44D1943DAFE09455380EAA38E251
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......k.~./.../.../..."..<..."..."..."..+..."..(....#......#..>........./......./.......B."....#..J....#.....".......#.....Rich/...................PE..L......[...........!..........#.............. ............................................@.........................@...8...x...D....@.......................P......N..8............................B..@............ ...............................text...,........................... ..`.rdata...6... ...8..................@..@.data....@...`...T...@..............@..._RDATA..0...........................@..@.rsrc........@......................@..@.reloc......P......................@..B........................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaCore.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):2364416
                  Entropy (8bit):6.694951716100846
                  Encrypted:false
                  SSDEEP:24576:jtvhxnx32rLWGF43syp+/dTHzpT5lfzooM8veaqTPPe50N6MPZ0CNYXPl1TwDU7e:hv12vZyp+1THzpT5lfzooG0ADU3vWiy
                  MD5:BFB9C028AA7CB5D624B18D07C0A7B858
                  SHA1:1A2CB5ED9652A4D94EB812CBD5E406ACF34EEDDD
                  SHA-256:C54294B8E1261C759C9A67D8B63E72E04A158B3CB6394576D72DA216ECF9821D
                  SHA-512:8E1C3E4A70DE8E36371E2A67B1A2DD4EDA501F8A983E6FE96301372687C206809E4B27DA0FBA0D0F8ACEBBFF9B93E8F6A3F17006E6902175814E64A37C2515BA
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........gf.............T......T.....T..... .......T....H..........}...,W.............. ...... .......T..... ......Rich............................PE..L......[...........!.........,......._.......................................p$...........@..........................P!..,...}".......#.......................#.t.......8...........................pm .@...............(....G!......................text...`........................... ..`.rdata..L...........................@..@.data........"..v....".............@..._RDATA.. .....#......@#.............@..@.rsrc.........#......B#.............@..@.reloc..t.....#......D#.............@..B........................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaExecutor.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):409088
                  Entropy (8bit):6.254530632146251
                  Encrypted:false
                  SSDEEP:6144:C3XA14tHO381RFTxRc14tR5wZLq+qOoecKHu7jo7lB:Eo4tHn13s14tR5wWml
                  MD5:F869257B0A21AB5B3A559EE4F2C5EA7F
                  SHA1:867ED1DE17354B02B8A15898E9DC6D0E28A00D0C
                  SHA-256:49577FF5E433CFB2113BC87D0AF8E9974B717F6B6C86378E87CAF302FC63B2E2
                  SHA-512:4A330E1E3847B03A8FCCBA4DF051AEE15BC780DA111F9F55520890FFD7B1048333D1D2F9613F988CCE607BB69BD440767FE6E1DC273EDA04EDA057062DBCE98F
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........+..E...E...E......E......E......E......E.......E.b|....E...D...E.......E.......E......E.......E.Rich..E.................PE..L......[...........!.....d...................................................p............@..........................w..i...<................................... [.....8...........................X...@...............(............................text....b.......d.................. ..`.rdata..v<.......>...h..............@..@.data....>.......:..................@....rsrc...............................@..@.reloc.. [.......\..................@..B........................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaPipeline.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):354816
                  Entropy (8bit):6.3367935336230365
                  Encrypted:false
                  SSDEEP:6144:pdh7iFQ/m+07OIT9qrz1WZ2UkSQKUzmQMS:pjmQ/iqmIrzQZtTQT
                  MD5:BE46894C56CB84DA9F04AA5265E231C7
                  SHA1:62E895C2212957A909EA36F7C475E932CEB66227
                  SHA-256:D5AA6F67DEF6D7CDD460753E52901D32316103B23C6B8AEEBE5968EF674C19BC
                  SHA-512:A20670A02170FB28FC4D69D91D0A5EBDEED137DFA251BF6D9A4BB670B8046A8CB7D1F17F498D1043BAB3CA1F559A3720B395023D505A13C45DDA1F6D01C83464
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D..g...g...g.......g.......g.......g.......g.2N....g.Z/....g...f...g.2N....g.2N....g.......g.2N....g.Rich..g.........PE..L......[...........!.................y....................................................@..........................n..6p...........P.......................`.. =..P...8...........................H...@...............L............................text............................... ..`.rdata..fU.......V..................@..@.data....%... ... ..................@....rsrc........P.......*..............@..@.reloc.. =...`...>...,..............@..B................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaProcessor.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):980480
                  Entropy (8bit):6.522582133370039
                  Encrypted:false
                  SSDEEP:24576:V7JwulKFvjKFvIrM3dhrU5iudWmZ39dsdp:oerUsRM3E
                  MD5:AAEF5871990D43A988EE6E2BAFF547D6
                  SHA1:D154072DE3F1A1E611545BCCCE241DC95FA4A4E3
                  SHA-256:2EBB5F7A39D7EBA0CD86B23DBEEEE3E39D8C4D38E9AC3EBC6606285DEBF6585E
                  SHA-512:21B0CB1A2986A432E7E3E54B12D7A69C5D097C85AB45512D4A0F30648B017270D1CFDAB42BD7CDDF1FFD881CE871A7CFB4815C60F2D03F71C69BE3F581DC646A
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............r..r..r.. ...r.. $..r.. %..r.. ...r.W....r.?....r..r.[r.[#Z..r..r..s.W.!..r.W....r.. ...r.W....r.Rich.r.................PE..L......[...........!.........................................................@............@.........................@u..g....v..................................45......8............................T..@............................................text............................... ..`.rdata..............................@..@.data....0..........................@....rsrc...............................@..@.reloc..45.......6..................@..B........................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaProtobuf.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):508416
                  Entropy (8bit):6.591177229137022
                  Encrypted:false
                  SSDEEP:6144:Gurg5Enecw0YlWXlEwpWa/WoXY7D077Km6jU:Gurg5h0flZ3eeaA
                  MD5:B3767D239D73908D45B8B29D41253875
                  SHA1:32FE0623C373A1E51A35AB674A0120FD0ED79260
                  SHA-256:3341857064C2C29E45396BB1B92BC117CA635D618095C2EFAD376E7CA8759D33
                  SHA-512:96FDBC00B31F960617B21EC438CC2F71AD9CE9C5100CD97C5E033B81B496DD1827C2C41574AD1CB534185FBC6EEF6BE59686745190DFE3EEFDB71CD3C7789778
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ah.G...G...G...JR..E...JR..K...JR..C...JR..B......E......D...G.........F......F...JR..F......F...RichG...........................PE..L......[...........!.....n...X......w.....................................................@..........................H..#.... ..d...............................hY......................................@...............H............................text....m.......n.................. ..`.rdata...............r..............@..@.data...4....p.......Z..............@....rsrc................f..............@..@.reloc..hY.......Z...h..............@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaRendererAudio.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):201728
                  Entropy (8bit):6.623846085328017
                  Encrypted:false
                  SSDEEP:3072:xlnu+s7lzWgMijebN6dTEnz6Ppc7tuuTbJ4hwhOGscKe9WjywhBGiiCxmJKB2BI+:xY7l9Wz4rGinmF8B1KE
                  MD5:8272A503A52717600F3FF45B49629878
                  SHA1:9FD91F1AC63DBEF9268F75A0ACCEBAECA506D1A4
                  SHA-256:A05205DBF5B3DAA00E7FAA919DE30731A7E19D79460BC081F8236AD780949EE0
                  SHA-512:D1172062E5A2C210A4517A24F7FBC05F9EAB7CDC1246D4D455D1B79C96A4FFFCCFDCB498625F22CDEF39891D31F713BC6D283B85A8123F1B81B949529B605475
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........F..F..F..K.9.C..K...J..K...B..K.;.B...f;.V...-.B.....G.....E..F......x.V..F..j...f..N...f:.G..K.=.G...f8.G..RichF..........PE..L......[...........!.........................0...............................P............@.........................P...m.................................... ..."...4..8............................y..@............0...............................text...t........................... ..`.rdata.......0......................@..@.data...............................@....rsrc...............................@..@.reloc..."... ...$..................@..B................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaRendererHardware.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):1080320
                  Entropy (8bit):6.194231240668573
                  Encrypted:false
                  SSDEEP:12288:C6hvUoUijN9iIDparW8m7GoXwFgsUEgXAD4BiArp9l8DbR39:04xcrW8m7XXwFgsUEgjiArp9wR39
                  MD5:0C500B061705FA7B167B378720A8DF79
                  SHA1:6933F08F54D26F7EF95013EF6F453CB609E69009
                  SHA-256:6B1B1B8971300E674B349FB278BC2CFAB4AF0AF104F734FD47315E2B0C92CBDC
                  SHA-512:0ACFE12E314EAEE0F3AA786454A1C3A0DFF0965A2EF749CE6B91142D1CA86EA1F9A1074438DAA67A5073408CC27F5C8A03209AB308FF5D8CE8E21E5BEA9D7FC0
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1.).P.z.P.z.P.z...z.P.z..,z.P.z...z.P.z..-z.P.z..-z.P.z"..z.P.zJ..z.P.z...z.P.z.P.z8Q.zT_.z.P.z".)z.P.z"..z.P.z...z.P.z"..z.P.zRich.P.z........PE..L......[...........!......................................................................@......................... ...D...d$..h................................... ...8...........................x...@............................................text............................... ..`.rdata..............................@..@.data....'......."...f..............@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaRendererSoftware.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):6307328
                  Entropy (8bit):6.47977249711633
                  Encrypted:false
                  SSDEEP:49152:eN5QyxEZjJS5VZwMrrxMhcbiR+goFpcYcxrRzVHQuNT5Ph/rJYtwUWYOBjpaTsuf:aPEla0bCupJEarpl/qdsnr+9o+NMcXg
                  MD5:F490E26041F76FE800AF07E0E5027F6C
                  SHA1:5E964D45C51B6F24E749A661D03F6E93040030C6
                  SHA-256:0D855C08986611D58A1D7B7CE78260B22C3329D22E72C86017A5981472ADE288
                  SHA-512:AEBE063DCA88D887F04CDE957545C9660E5CDEC51646098D16FA625562477F6B6B1669B3E776D520E7642E2FCB074D4E55AB313240FB6438AB21399C3B8ED179
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*..un..&n..&n..&c.A&j..&c.~&b..&c..&j..&c.C&j..&..C&~..&.hU&i..&n..&..&n..&...&...&E..&..{&i..&..B&o..&c.E&o..&..@&o..&Richn..&................PE..L......[...........!..... ^...........]......0^..............................``...........@......................... .^......._......._......................._......7^.8...........................x.^.@............0^..............................text...D.^...... ^................. ..`.rdata..V;...0^..<...$^.............@..@.data...h/...p_..,...`_.............@....rsrc........._......._.............@..@.reloc........_......._.............@..B........................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\MediaRendererWpf.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):181760
                  Entropy (8bit):6.478986844878231
                  Encrypted:false
                  SSDEEP:3072:Jo4bkaL8OkaL8OkaL8OkaL8x2DWWlNRkXYDYhRMTqqoYrrvCfcSA7ARER0zRMolW:QDDDAHqfcSA0NWzsD/Y+Tx28hqKI0
                  MD5:275F348BA8CB9BE157EBB3DE261C6FDD
                  SHA1:C3D08E2B5215DE31D5C791A2B9B851601C589647
                  SHA-256:C90699768E23F944D566CB1BCA5C51336436BDFF646C73ECE74D02D8CB9540E8
                  SHA-512:6E325DEA7962863C2F300866ABA0A9142C8F85631AC64B3059AFAD4EF6B1BA565007FBB722E8588520CC27A50A1F1B3B03789BB96FA31218A81A06F0A7DEA2AA
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................y.......F.......{.......G.....O.{...'zm.............C.8...........O.C.....O.z.......}.....O.x.....Rich............PE..L... ..[...........!................ ........ ............................................@..........................m..P...`p......................................`$..8............................8..@............ ...............................text...@........................... ..`.rdata....... ......................@..@.data...............................@....rsrc...............................@..@.reloc........... ..................@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\NetClr.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):773120
                  Entropy (8bit):6.25997723445302
                  Encrypted:false
                  SSDEEP:12288:jVNUV3knecSZgKUYYPQ7RPGvIg6gO6DT2y/q9EvG7ptJ16l8zx/Se7GcPrl4TE:jVNUVUepZgKUYYPQ7RPGvIPgO6DT2y/W
                  MD5:9E4A42C1EFEDBAA86024E1B20F4C704E
                  SHA1:7A92BB1B7BBC946DECDF4E3B23D84DCC7CFB34B9
                  SHA-256:92BF9ED440B12A8D946D3BBEE376057914E11DBD70DED8430C5A5E6499914D64
                  SHA-512:144E0E68B0540B59CC978B1710486C8AFEC0BFD0D33C85CB62F67CDAED41FB7AF25960EE50FD19BF478837B8DD72D20707CA134566B7C07FA77CFAFC4104C86D
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?#.O{B..{B..{B..e.c.yB..=...~B..v./.yB..v...wB..v.-..B..v...~B....-.qB....;.xB..{B...B......rB..v.+.zB......zB..Rich{B..........................PE..L......[...........!.........8.......P....................................................@..................................)..................................L9..0...8...............................@...........................4...H............text.............................. ..`.rdata.............................@..@.data....K...`...F...J..............@....rsrc...............................@..@.reloc..L9.......:..................@..B........................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\NetCore.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):6572544
                  Entropy (8bit):6.505882033281675
                  Encrypted:false
                  SSDEEP:98304:gIg+sz6+83Be2+WJmX3rROzCSVU7Vtxdo:gIgZGz2
                  MD5:DDBFDB894F8D8DE2E91719A65763AF5A
                  SHA1:8C14B821A190B6222144A633F02826888D3B4E56
                  SHA-256:B3217E8003629E25483F21947C8F15DB21B8BA3A364B393040B984C69CB9C061
                  SHA-512:DDB759A3813C8F7973576276A43E46C42CDB241D80FE203D97AB154873A13C38F15272B161D9F3512E697EC7EFBD2CBB362D9F09724F571A2944480BD7A67FA9
                  Malicious:false
                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........zS..)S..)S..)^..)X..)^.+)_..)^..)W..)^.*)T..).?+)[..).?.)I..).^.)\..)S..)...)..U){..)S..)..).?.)...).?.)R..)^..)R..).?.)R..)RichS..)........................PE..L......[...........!......J..........{-.......K...............................d...........@.........................0.X..\...5]......P`......................``..V....K.8.............................P.@.............K..............................text... .J.......J................. ..`.rdata..<@....K..B....J.............@..@.data...`....P^......6^.............@....rsrc........P`......._.............@..@.reloc...V...``..X...._.............@..B........................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\NetCs.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):10240
                  Entropy (8bit):5.0138430769939895
                  Encrypted:false
                  SSDEEP:192:Zfs3B//Rta62ZPzFsmanjhndwizwAgIT4bSDU:m3tbp2hxsmanjhnaiz8UU
                  MD5:AC199153D54609463CF72F4763F94A96
                  SHA1:4D4C67E6FE9400021EEF7E0E3AD1FE23426578F8
                  SHA-256:0395C58080A55DD61D356872000A54607142ECE389ACD73C46C058374F61FA86
                  SHA-512:85D168B29D98C80C8986857FCF60AEF9CA8262F976BC036D318C81555C7ABD1FE0095E7EDA6CA007C06FE21D657CD8D40282221C9E48429F51DED0B60B2EDEB3
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......[...........!..0.. ...........?... ...@....... ....................................`..................................?..O....@.......................`......h>............................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B.................?......H.......l&...............................................................0..K........-..........*..(...+..2..-.~.......r...p.o....(....(...+o.................*............2.....0..@.............-.*...(...+.,..-.~......~....rA..p.o....(....(...+o......*...........,....Br}..ps.........*..(....*..{....*"..}....*..{....*..{....*"..}....*..(.....s....}......}......}....*.0...........(.....(....,.r...ps....% ....o....z.(.....(....&s.......(....o....o......o.....(....r...po....,...(

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\NetProtoBuf.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):353280
                  Entropy (8bit):6.587369278486701
                  Encrypted:false
                  SSDEEP:3072:yR2/SxAG9I1HLXJHNL4/aXF+9WNn/8ESmtIbbbbbbvcxxMGxaEpo5If0J+HKChfg:y2quHpZFRFoglSVBQKCI3
                  MD5:2B4EE8D9693400CA900BDA2583A5D6A9
                  SHA1:CE801F658DE9AD6189CE5201525D5E98D7A07F19
                  SHA-256:16D5F66C08DEC1E5E15B3F2F17AA6943591D88B02E1E81129945A05614C7FF61
                  SHA-512:E492665FE5DFE8C681F8009504F129ADE0D697823D0A3A09331210C0D523ACB378F379BFDE4F4B8AA89B22A9B36E0DE906D1A455713CCD06238733887C0EDEFB
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Z[...[...[...V.-.Z...V...W...V./._...V...^....)9.Y....H/.^...[........H..^....H..Z...V.).Z....H,.Z...Rich[...........................PE..L......[...........!.....f................................................................@.........................p.......X...x....@.......................P...<..................................x...@............................................text...Te.......f.................. ..`.rdata..............j..............@..@.data........0......................@....rsrc........@.......$..............@..@.reloc...<...P...>...&..............@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\SSPI.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):158208
                  Entropy (8bit):5.246446484654594
                  Encrypted:false
                  SSDEEP:3072:kMdXfXXXb4YYT4JYKaMYYMwYPbH0Cj2LB0aY+DuI4XvquBkTg2j+lEe0iMe6YhGd:kMdXfXXXS4G0u2L+YVSvO4Dh64v+
                  MD5:02F6098E41021F6826E8B3B861C2AFC1
                  SHA1:2EDFFA841365DE09BA9F4DFC766D55F2812DD180
                  SHA-256:FA32EB6A16B1BE585A3996F6B6A0AD5DFD9D2572B2DB091D2A827BCE892DCB93
                  SHA-512:560B87CCC1C88278B3C1F8BE750D600BBE47F64A304646BB2871A69F48C7417511FC4A24E5E03D9AC041C96E6A4B5B57A666750A1BFC380A831C4B64B5859145
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............ff..ff..ff..4...ff..4...ff..4...ff..4...ff.@....ff.(....ff..fg..ff.@....ff.@....ff..4...ff.@....ff.Rich.ff.................PE..L......[...........!.................E....................................................@..................................S.......p..<.......................@.......8...............................@............P...............................text............................... ..`.rdata..ow.......x..................@..@.data........0......................@....idata.......P... ...(..............@..@.rsrc...<....p.......H..............@..@.reloc..i............N..............@..B................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Converters.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):60416
                  Entropy (8bit):5.687450292166787
                  Encrypted:false
                  SSDEEP:768:3ADvjFvQlox/dpgeY1dQnHa8xeKPwxuOu3SCvG5J0uOKjAKXTj2gsRQeTB48zZTS:3Uvxn/dHvMKYEpiJnmaTl8zdkT
                  MD5:02E465A8BF8C8F61D673CB819F75E086
                  SHA1:493B0F7B58AC74EE95EF96F069C3448563C71DE8
                  SHA-256:2A7E2729D922C06AD7BDDF6D9FD0507D0ABD4D4B730880CC1B7749CD917707BE
                  SHA-512:A3C9C4FC83631215315F408EDA9A81D0DBECA6B2281405AEC72D462F06CCB7964FCA4951C8040005F768DB518B043D7E0B4F04872E668B31F74B8DC2DD63786C
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e2.M...........!..................... ... ....@.. .......................`...........@.....................................O.... ..x....................@....................................................... ............... ..H............text........ ...................... ..`.rsrc...x.... ......................@..@.reloc.......@......................@..B........................H...........T~.................P ......................................_c.aF..DJp[d.........>'.;.....Y.$..|\......7.]n..k.L...e...k.S%_..`...;CV>?b...........wp..#`+."...>.e..'..F...h_.l...*^.(.....r...ps....}....*.0..$........(....,..*.r...p.o....9.....o.....>.....r...p.(....,..{.....o.....o.....o....s....*.r...p.(....,..{....(.....o.....o....s....*.r7..p.(....,..{.....o....( ....o....s....*.rU..p.(....,..{....(....( ....o....s....*.r{..p.(....,..*.{.....o.....o...

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Core.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):106496
                  Entropy (8bit):5.222207233654429
                  Encrypted:false
                  SSDEEP:1536:HHUeXc9NQqkvF7gcIUEVVGwDgwharh+JYSWa1pArtSr8WSltbv4zRDF:UyJ7g1U8psCarhApArtSr8WSLv4zRh
                  MD5:FE2EE1EA75B889064FC6BEAAFB782452
                  SHA1:05F0B426AB884000FD62A39389B4BA5A73486F50
                  SHA-256:798E8294528AED5C44F5CBEE28F86676B29B4A424003D0A0395D990B92464C20
                  SHA-512:62371F4FB0F04288383D70CAAC8716FA0E4C6D4D9265188D20C3B9B8F3BDB5B8FF90D8667485CB51EFF5917339457F7ECDCA2B11DB227C1ECD1F54D0BC02276D
                  Malicious:true
                  Yara Hits:
                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Core.dll, Author: Joe Security
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X2.M...........!.....p... .......... ........... ..............................G.....@.....................................W.................................................................................... ............... ..H............text....c... ...p.................. ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Css.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):77824
                  Entropy (8bit):4.813058715062567
                  Encrypted:false
                  SSDEEP:1536:4Am11X/0JQ5rdTer553nyrbSe9PTzNvLYMsMIk60q:4Am11XKyrb3PTzNvLYMsMbu
                  MD5:548E9787F860070981CFD20DB6189838
                  SHA1:3515F44309EE1D23FDFC4294DED74DE14B661168
                  SHA-256:252390D9EEAE1984B0DE8489B58600E86C75BCDF69BC8FDC623190DDE8455A58
                  SHA-512:578F0739F1925FDCE1B4219B451D22BEF5C2ACAAD2DFEF0F840EBD3E7274EE919F1B8599021986246935C38A5D0B07B3E2BDE49BAD5D79CE92B50C733D34F401
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\2.M...........!......... ........... ... ....... .......................`...........@.....................................S.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@....... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Dom.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):45056
                  Entropy (8bit):4.293767147869217
                  Encrypted:false
                  SSDEEP:768:Os0jvAFpVYgulHeD+AO96K21VzFXSn62VP3uUWOwKk:30IMqVi6cPHTwKk
                  MD5:FEC737A93331737EA65DBA37501B580B
                  SHA1:05FD4B085DAF274496B1CE18F710BF7C861D92AA
                  SHA-256:7936F0CC2BA44630E0C204754BBD633577CB1BF9FEBC11D5359913B31AEAD23C
                  SHA-512:3F8B478D6D90B4F36DB405D1589B9E11BAFEF2AF8F6B91F6CF28C4C967C4447B8D597A326B16FFB10AA8EF42BDC5BA1B766088B8D71374F03074A7B28DC3387C
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Z2.M...........!......... ........... ........... ....................................@....................................W.................................................................................... ............... ..H............text...$w... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Model.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):970752
                  Entropy (8bit):5.61314751586261
                  Encrypted:false
                  SSDEEP:24576:LKCqkTxn+ZDpYR7EScqD6ALOEskT2BBWZE/s4DzmRrI0YkBmOCdOYti2LjiTvfyd:pOXKcD
                  MD5:BCFB72617D313BF8B0F3F49D1A1B2A1B
                  SHA1:2B504E6BA124D41D9D61311A245E91AEC1FE92C0
                  SHA-256:54B9A15418FB13D199379B59DED4D295E756C576476B22703329565357E92B2E
                  SHA-512:2C25B5A8CEE7C66E252E7C1DD39AE12435133613F95610CA002BB966F457459ACECB0A71D630E155ED96A6D2BAECA823A98E7783F153FDBDFFA71761A4BF786F
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...a2.M...........!......... ........... ........... ..............................+Z....@.................................P...K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Rendering.Gdi.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):73728
                  Entropy (8bit):5.082577123383904
                  Encrypted:false
                  SSDEEP:1536:9v5F2T/mMgy2fE6Vv6FR+Z3EwDLBAeho6T40AZToeiYvsoq:ZwOhp4+Z3hDNAehns0AhPsoq
                  MD5:52E8D7BE480ED96FC8189C6B25697854
                  SHA1:C915B2953A04BD84BBC2BBFE1DA36C0612D1563E
                  SHA-256:5BA2A779B5BAA419361EEBCECC09E4606C944E883BFB6985F59A15C69E6A0D2B
                  SHA-512:9C61D9B2D0251DEDB45DDF7456FAA3080540AE1A9C8F18DAA9ED416164CA975A578BCF9C6773836C66691741CB8EE85862F474BEE5590369C3AC22BA36DE7C2D
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...g2.M...........!......... ........... ... ....... .......................`......t.....@.................................h...S.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Rendering.Wpf.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):99840
                  Entropy (8bit):5.881161122416818
                  Encrypted:false
                  SSDEEP:3072:1PhdHlMtWPvvxR/5kapk1h71aF1404nbpFG+cCA:1PhUIpR+kyo14/nLF
                  MD5:B9C808A4325AC72A32FB956738D57A09
                  SHA1:0DC4FE088BE2BFE1BEFB8CF6CD7242389B8767E6
                  SHA-256:8C27E92FE772A0C49ABF6A895A97A2B4E52504F853C8D284FFBE0977A923679C
                  SHA-512:332CA86A4005DB3AC909EBE7FA16435D5263127A52A85BA900DD81283FF3ACA03298E9257FB23D55C234BAE2DD7158A33769005913405566B5D56C5AF7BCB8D7
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c2.M...........!.....~..........n.... ........@.. ..............................Q.....@.....................................O.................................................................................... ............... ..H............text...t|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B................P.......H.......8...H...................P .........................................1...l..].y....5 ...........?....&..!......m...6.....p...6:m...\HQ....{)FO..|..S...T.].qJ....\.X.....iw]@...zp`..F.K..(....*.0..,.........o......u:.....,..s....*.u......,..s....*.*:.(......}....*..0............#........#........#.......?#.......?(......(.......(......s.......o......o......o......o......o......o....(........,...o........(....-....o.....*..0..K........{....o......r...pr...pr...p

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\SharpVectors.Runtime.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):45568
                  Entropy (8bit):5.701434551807532
                  Encrypted:false
                  SSDEEP:768:sHJPTD3zcdpbpC0FMTNDpG3JlMlfhJpqY+++Z/aNHXJuTQg3evX3v:QP/WI0a9GoPL+++Z/ywTQDfv
                  MD5:6C7D00338A84FCCA738F4C267C081B15
                  SHA1:ECB7C4063BCB52FF8E8BF7F183BC3A1FDB385844
                  SHA-256:9B5CC7BD5113D0BCEEC4951DEC8075A65D30A3AA51354C490AABC576C0FE43A3
                  SHA-512:C315107ED108CD234F33920DD1F5C3C923E72DCC4AA7CD8887CB0B2D990DDD888DA8B546B534AC289CD2DF1E5FCED192108D191657CFDB9086B1007F02AD3E32
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^2.M...........!..................... ........@.. ....................... ............@.................................D...W.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........b...e...........]......P ........................................_.-.....N...<..0x.*....Y.fEN.>..l.).\.N$.a..."./.v..F".*t..<.....n......i.8....K...O.!..809..<.....j5.k....i...W.....f.......-.........*.......u...............q...............*.......-.........*.......u...............q...............*..(....*6.~.....o....*F.~....o....tM...*J.~..........o....*F.~....o.........*6.~.....o....*F.~....o....tM...*....0..........r...p.M...(.........(....~.....s....(...

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\SoapCommon.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):200704
                  Entropy (8bit):6.740973908200923
                  Encrypted:false
                  SSDEEP:6144:p7ujs5p2w1z0mmPRZgePWsQ3uC3ZiElRiBWGiNTBBU2NG:p7ujs5pr1zsZGsou6UiNTf
                  MD5:8ECDED5E5291E119A818AC18C7523146
                  SHA1:D0380247F0AF2D08D94079DA88C8BA3E883A29E8
                  SHA-256:5E26766622E42665DC020813C8DB6B88D96D7593A819B307A75D0616B0C3D1D1
                  SHA-512:33BFF22C673981F0A0962D8DA85EEE6548A8772044D75E242C989F2FAFB5DDFDD6A1A6ADC4AAE796F9898591216CC5F6F619D16725BA31EC36DFDBAAF22FB004
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Yz..............I`......I_......Ib......I^.......t....._.....b.............^.....c......Id.....a.....Rich....................PE..L...o..[...........!.....4..........U;.......P...............................P............@.........................`...b6........... .......................0..........................................@............P...............................text....3.......4.................. ..`.rdata.......P.......8..............@..@.data...\...........................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.Data.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):347136
                  Entropy (8bit):5.826919115858021
                  Encrypted:false
                  SSDEEP:6144:nsgrZvzrNcE95BWEKkgMvv7tCvunRJv0qSot:nPRNiot
                  MD5:A166F0461E6DAF87A2D9FF95BAC79E09
                  SHA1:BA81278B745E958D9D84A23127EF750BA96B8204
                  SHA-256:AA8B6CB8EB52F27CF3DA4F6818217C09B5092A8A075F977485E6F2340F2C1A86
                  SHA-512:646F5392C90C1175612ED7527C02A145D735C3831800845A474CB0AD239CE1D8BBA611AF07EB54E1543C009FA121A5556DC189811B264A223A2837118597729B
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e..Y...........!.....B..........^`... ........... ....................................@..................................`..S....................................^............................................... ............... ..H............text...d@... ...B.................. ..`.rsrc................D..............@..@.reloc...............J..............@..B................@`......H............C..............@...P .......................................>4.k.H..|&ds.&.h.-..C...S.,.......c..K...CK........>I..O..\%......b.t. .g.IX....>...2q.....(.^..d.V...i&.C..+..B..&I.w.<"..("...*2.(#...u....*...*B.....($...o%...*..(....*B.....($...o%...*.0..........(&....@.....(....9....s'.....r...p.(....oC......((...()...o*...&.r...p.(....o?......((...()...o*...&.r...p.(....oA......((...()...o*...&.r...p.(....o3.......((...()...o*...&.r...p.(....o7.......((...(

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.DataVisualization.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):2276864
                  Entropy (8bit):6.07403114110755
                  Encrypted:false
                  SSDEEP:24576:/3p52/SWwwVU3xEakS3SPrASNmc+s1g3IR487hM+GQaa3:/3pQ/SMVLlvhM+GQ
                  MD5:84D771EA68463EE46CA100984A4140E9
                  SHA1:EA1619EB222C27C2245E0A0E5E35013855A714FB
                  SHA-256:9C84D26C89AD1DD106115CCB7AEB9ECA285C222528C621342EC3F3FBFB59F8CF
                  SHA-512:BDAD9DDDB4507B4AE0602E02024B4EBD6008502FFC15BDAF72AA76BA6C0D03FA95417BD681D31D492F16017765B5C0F7DFE03A854EF3CB61DA24069943D62E96
                  Malicious:true
                  Yara Hits:
                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.DataVisualization.dll, Author: Joe Security
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Y...........!......"...........".. ...."...... ....................... #......z#...@...................................".O.....".......................#.....T.".............................................. ............... ..H............text....".. ...."................. ..`.rsrc.........".......".............@..@.reloc........#.......".............@..B..................".....H...........d...............5G..P ............................................b.t.(T...._R.k.2{R.......2...,..Ii....l<b.k.4v....}...{.....m......|..2n...9&.k....Z..x.)................[....j~"..(1...*..*2.(....o4...*2.(2...u....*6.(.....o5...*"..3..*.*F.(2...o3...o4...*.r...p*...*.r...p*....0..........(5....3..(......(6...*.(7...*....0...........(2...u......(8.....,g.r)..p.o2....T...s9...o:....rQ..p.o4...s9...o:....r[..p.o6....T...s9...o:....ru..p.o8....T...s9...o:..

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.Input.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):606208
                  Entropy (8bit):5.937446368437846
                  Encrypted:false
                  SSDEEP:12288:RCuagv8Rp5HOtjkb9Rbgo8gx25YyFwBxvwnZ:sutv8Ratjkb9Rb/8+25Yy
                  MD5:9E803C8F5C3DF8C756A7726E5C1EDDBA
                  SHA1:CD1E48BDBD2E6A0908BA47BB084C08E85992B813
                  SHA-256:4E850D5C83F40B9966224D5439DE4D44E1AAAF1A1B63B05B49C3C235795F92F8
                  SHA-512:DFA36B93BA5E9D958DF6D6E2B618E5DE48ABD6B2E73437B088192693B1C418EC450A61F467912DE01743C1D1BD1E0BA266EF2BB54EBE5C71533C537735D47B27
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."..Y...........!.....6...........T... ...`....... ....................................@..................................S..O....`...............................R............................................... ............... ..H............text...$4... ...6.................. ..`.rsrc........`.......8..............@..@.reloc...............>..............@..B.................T......H.......\...89..................P ......................................%.....N...\*LF._.....=.^..R#.=....U..4......j..l.P.U.^..d_..%.q..%&l7j:....l1>f.`.p.Cy..n}..XK}W3^5.uO,....q.Bo.eF....LS..-..(5...*.0............o.......(6....*....................0..)........{.........(7...t7.....|......(...+...3.*....0..)........{.........(9...t7.....|......(...+...3.*F.~....(:...t....*6.~.....(;...*F.~....(:........*J.~..........(;...*2.~....(:...*6.~.....(;...*....0..&........{..

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Controls.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):3807744
                  Entropy (8bit):6.261137696560432
                  Encrypted:false
                  SSDEEP:98304:A1LgK6JRbbJ45j7Ha/zsS2bu5MbbzOpJbrc3Me9DMbJcioxcKK2SewFiYCJc7vfY:A1g/J45/9iD54
                  MD5:A2DD5BDBA7BD6F0716496215CB955EE6
                  SHA1:59B52DFC09F9696BBCA2F75663ECC3177E4CEEE2
                  SHA-256:4123E0CE0C2BC0E40C84E4CBA1BE9955A5AD4EC1BB0CB898241BEDAD231637A1
                  SHA-512:BE40D232C7EEA5F9F58C3F9E6E542C7448C2BEFCE54056ECB3B1C7C10311044B331371C77D125B108E03CD93EF0FDC3253F73561AB3F827F139E4ACC4F533174
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Y...........!......:........../:.. ...@:...... ........................:.....5.:...@.................................D/:.W....@:......................`:.......:.............................................. ............... ..H............text.....:.. ....:................. ..`.rsrc........@:.......:.............@..@.reloc.......`:.......:.............@..B................./:.....H.......|F$....................P ..........................................x....m9...#$........^Eo.RM1j......l.I..Z9.......T.K:+.ls..#.S....."0.t=..v....#G.......Y.O..#.x...Vh.Z....6......CF.~....o'...te...*6.~.....o(...*.r...p.e...()........()....s*...(+........*..(/...*..0..)........{.........(0...tV.....|......(...+...3.*....0..)........{.........(2...tV.....|......(...+...3.*..{....*.~....-.s.........~....(....~....*...}.....{....,..{.....~3...o4...*J.r...p.(5.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\Telerik.Windows.Data.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):465920
                  Entropy (8bit):5.9966640927093895
                  Encrypted:false
                  SSDEEP:12288:zGLaQ/WSx6+JI8Lwa8IxAyYa8vSZzu4AGvaSAv8rYn2sPz2Wp+kV23I1JaTV5l:zGLt/WSxtJI8RxAra8vKzu
                  MD5:C7074554DD402DC2632B5137A818FDE4
                  SHA1:392262AAA5188553AB1147BC371E8123432AC4F5
                  SHA-256:98DD9E84C318A084A8A248F9906133ACF5F870513C3FE6537F47CF24F3DEF422
                  SHA-512:20DBF3B040929E3DA0143244CBFD156E54D0304686B7C29FAAADC8D3EB7AC8E1DD39A256E66533B36EF776AB4AB263D85F4EFD11F9097D87DEADB464E8F12474
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Y...........!.................0... ...@....... ..............................~.....@................................../..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................./......H........u..l...........8p......P ......................................Dz.z.}...6......L.F.".W1....X..H6..n..r3...3.B......(.n.~.{c."uvX../..[.....7.<t.>.&.aY..?.@..I..+.Z........5.4.MK...>\...~....*.......*.~....*.......*>.,.(....*(....*^......................*..{....*"..}....*..{....*"..}....*..{....*"..}....*6.(..........*6.(..........*J.(.....(.........*..(@....-.r...psA...z..(......(......(....*:.(C.....(D...*:.(C.....(D...*..(C.....(D....-.r%..psA...z..(E...*>..

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\VmsPlayerApp.exe

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):1604248
                  Entropy (8bit):5.40275707121353
                  Encrypted:false
                  SSDEEP:49152:Yn5c2MMME7RogYjXLofpefuRGEuZOpIWKOr2Np0h7hZJQpHXm:f2+Xm
                  MD5:D765EA0161DE3E064BA59EF0BB67BA12
                  SHA1:1679CDD4F60AA24A8BBD9D39969833F4EE541234
                  SHA-256:8CC2266C127F5A6EEEF82142CAA6DDB00107CB9262189F768A13F9BD02219C85
                  SHA-512:8E677A9BFBBAE5F5532D25071A6C7CBF79DF73BDF9C0156407F0AC629BA9974C4BDE3E2FB8F6927EAD9C73878F2E8B7C51C6A1CF3785BA840FA8F5ABFAB96A93
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........S.q.S.q.S.q.M..Q.q.....U.q.^...W.q.^...W.q.^...Z.q.^...Q.q..j..C.q.....P.q.S.p...q..j..^.q.^...R.q.S..R.q..j..R.q.RichS.q.........PE..L......[.........."..........^......V.............@..........................p......%.....@..........................................................D...6... ..0E......8...............................@...............................H............text...y........................... ..`.rdata..............................@..@.data...l]... ...X..................@....rsrc................^..............@..@.reloc..0E... ...F..................@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\avcodec-57.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):2202112
                  Entropy (8bit):6.756472109338151
                  Encrypted:false
                  SSDEEP:24576:kCTy/L4ppGKSB7xFA+lubsEysgt6IGqp7GrH1YznUtPNjuDulnTUqwtYHHFSik6/:dpGN9eEfinTUVCFS7yZeMjyBmnANO
                  MD5:CE66C2DBB70CE303DF6A33402DCE80F2
                  SHA1:FDC352EBD14C11BD206BECD01DB02D564FC5E88B
                  SHA-256:DD94FEABF8AF12F09964216BB847A5C4E3BC36215D5E8BA439E0F19DE705852F
                  SHA-512:60DA38ED5322A12630126988AA0791608F7736705472CBE3834E452F3FD87E2099B7B251520B4086F2509072C623677E96DF7625DD2E6608E729A08B8580EADF
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7.~^V.-^V.-^V.-...-\V.-...-]V.-S.2-hV.-S..-fV.-S.3-.V.-..2-.V.-...-[V.-^V.-.V.-^V.-nV.-..3-.V.-...-_V.-...-_V.-Rich^V.-........................PE..L...{.Z.........."!.....`...~.......(....................................... 3...........@........................... ....... .P............................p2.t.......8...........................0. .@............................................text....M.......N.................. ..`.rodata......`.......R.............. ..`.rdata...Y.......Z...d..............@..@.data...Lt.... ....... .............@....rodata.0....`2....... .............@..@.reloc..t....p2....... .............@..B................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\avfilter-6.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):238592
                  Entropy (8bit):6.503206299615875
                  Encrypted:false
                  SSDEEP:3072:ohZ7W19KcNU6tNADUmiqKm2pPEcJi9jOhB6clhkiSJNiA9i23/UxX+vdyIN3pQ:zUamirm2ScV6WCLn3/sXYdhp
                  MD5:683A6B3A3C0E1DDE0809C625BA43C807
                  SHA1:52BBDA9C780D836C81D90FE72562BE50E6BA76FD
                  SHA-256:19F2FEA61D0E646C065BC352165C4BC567185A41A68A94FEC91226E9AB2A367C
                  SHA-512:A7A7362A5130A51F21E98B36DB0E3F0591A7ACD11604FF947FC2C1917B168E0017E56BB91B1618D59CCAF265315B6E30ADBDA02ACC047EFA69E3E89449849759
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o.h,+...+...+....>..)...&.......&.......&........_.."...+........_......._..*...._..*...Rich+...........................PE..L.....Z.........."!.....P...p.......{.......`............................................@..........................V..S....^..x....................................d..8............................Q..@............`...............................text...~N.......P.................. ..`.rdata..j....`.......T..............@..@.data...\8...........j..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\avformat-57.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):372224
                  Entropy (8bit):6.572279576289907
                  Encrypted:false
                  SSDEEP:6144:B1Cdv4h0LlOlxl/yBUiPyCZP8nBMKOjxZd+POLQVJ30UKJJV9999PqqiCFT:mdQh0LlOlj/NfCZwcZd+P3VJ30tJJV9V
                  MD5:2004E5D2236538464725FDD2880E4ADE
                  SHA1:425E6603E66B04AFB280B1D6F29619D9442A5FEF
                  SHA-256:01BACE29AC13114983FB916F70E8E63ACF04524C6AEDE0EE9CFEC3D23FE497CE
                  SHA-512:AC7B9AF76755662FB438929ED2CBB97F014E000E401AD4D67C6E0408337717A5761D237ED5095BAB607D69DE0CF3B2EC289B5E15989EA45757483462D8363300
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................1t/....r+#.............;.........D...Y.9...........Y......Y.8....Y.:....Rich...........................PE..L.....Z.........."!.................!....... ............................................@.........................pY..W....l..P................................%...#..8............................S..@............ ...............................text............................... ..`.rdata...b... ...d..................@..@.data...@6...........p..............@....reloc...%.......&..................@..B................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\avutil-55.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):553472
                  Entropy (8bit):6.513632485978667
                  Encrypted:false
                  SSDEEP:12288:U1Cb0lS7NlY0XKSCcNxHrrpn4/suAHfXiKgTp:Til2rNkp
                  MD5:2C20714423652DFED1961D323A7F0156
                  SHA1:958C72223914FBEB1D30559FF790E975374EE059
                  SHA-256:AE3591B2F4FE55675751DF7D17ED0BCF912AACC4DDF897A724B8CC9CDC7633F5
                  SHA-512:B973BB09AAD3CFF2B4D06290D5321255D73FE24C367DA96546B824E9C88293FEA1177EE2F8E2CEE9A8A5EAF4DEE783017740467716060B97E3D7F5A24212D1CF
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../I..A...A...A.?G....A.......A.......A.......A.|.....A...@...A...A...A..y....A..y....A..y....A.Rich..A.................PE..L.....Z.........."!.....................................................................@.............................36..$9..P...............................L,......8...............................@............................................text............................... ..`.rdata..ZB.......D..................@..@.data....s...P.......,..............@....reloc..L,...........D..............@..B........................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_chrono-vc120-mt-1_62.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):25600
                  Entropy (8bit):6.053250800720274
                  Encrypted:false
                  SSDEEP:768:odJur+AUi8IiaH6aUi9as1PURkr/YSEJZQdMdv:odJurB+Fa6A9LURkrwSE7QK
                  MD5:DEF6FF056C30BBCD7B8B2D1E224263E8
                  SHA1:39239E49AA71A02AAD3F4BFD67BE842D481C8D95
                  SHA-256:D6A34B6FCC6E77805626FFDB76D83740102D05CEA54B09ADAC6D676A7E703162
                  SHA-512:A3333F10EFFE2C2C8A4FA7048BE7CE5D29B5B82A8264E67E6CD58BF6EE93D82BFBBF4FC7EDC50F1A40FBB3641E6DE5847D0AA025AB5D3704C67A4A9305F6599F
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........G...G...G..../.E...J.;.B...J...K...J...C...J.9.C....s9.D...G...q....s..D....s8.F....s:.F...RichG...................PE..L...i.Z...........!.....2...........7.......P......................................K'....@......................... ]......@k..d...............................<....................................S..@............P...............................text...k1.......2.................. ..`.rdata...!...P..."...6..............@..@.data................X..............@....rsrc................\..............@..@.reloc..<............^..............@..B................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_date_time-vc120-mt-1_62.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):40960
                  Entropy (8bit):6.0952114647604105
                  Encrypted:false
                  SSDEEP:768:1O5sh3KaKDYVKjmcw+crq8487FgTczLgNiHkOtLS0bQL0fmj3oI:1O+h3JKDYV9cJ87FgXBOLSuQx5
                  MD5:9386FFB056721FFE875622D0658ADC76
                  SHA1:B32C0A16B6EBE100824F008C377FC5F6CF7BC578
                  SHA-256:E7264EDB735BD117D6673153B2137D1988CF33155EB0EB5154E19646EFF2B41D
                  SHA-512:CEEE53FF59116E9E4FC1FAE0CAF8753E37D049BE7018D7D90DE81A88B9BEB9AE49308A987B16249B478D369FC60508E2C710AD133C9A27695CF755CAB882FC14
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?v.?v.?v.N...?v.m..?v.m..?v.?w..?v.m..?v.m..?v.&...?v.&...?v.&...?v.Rich.?v.........................PE..L...x.Z...........!.....R...J.......S.......p......................................0.....@.................................t...P...............................@....................................z..@............p...............................text....P.......R.................. ..`.rdata...4...p...6...V..............@..@.data...............................@....rsrc...............................@..@.reloc..@...........................@..B................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_filesystem-vc120-mt-1_62.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):107520
                  Entropy (8bit):6.356453369661655
                  Encrypted:false
                  SSDEEP:1536:NFN6Mqi0deaGHdctXPBCvtHFokoB4oNvDFUnS3Z/P/aQzqO8+5OsGFcXBF1:lade9autHFoGoNvDAcXB
                  MD5:22423ADF8891D8A4A950F409CC0C5431
                  SHA1:16957CCBB2E2AF81AE80B63AAE98DCAF77294794
                  SHA-256:6BA5393F43196DB11DB5C14AEF32A8C77F33106960E6B222DE0AE98C558C7DA1
                  SHA-512:AE263F761EC40F07A5261E4F76FB6FCC2F585C6978E97E871A61BE3DAF6A5C0A67F8F4155578B50DC46AAD1BDE1B2264B0A2BC7B602165A8E6B02C49012C3340
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ol(.+.F.+.F.+.F..../.F.&_....F.&_..'.F.&_../.F.&_..-.F...(.F.+.G.A.F...#.F...*.F...*.F.Rich+.F.........PE..L.....Z...........!................W........0.......................................{....@..........................X..;?..,...x...................................................................(:..@............0...............................text...r........................... ..`.rdata...t...0...v..................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_iostreams-vc120-mt-1_62.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):60416
                  Entropy (8bit):6.091090538012782
                  Encrypted:false
                  SSDEEP:1536:qeK6HJfq2voJdfQK12DXnV4V5dhj22/LUU8o9icSr:qjeWdfH2DXil22/wU3ccS
                  MD5:1734A38C2C674EC2D597602134CED8D0
                  SHA1:3A66C44D732E84ADC573E23FC0EE334D2237DBC7
                  SHA-256:5C8C21B4847DE9B11458251495A8C758FDABDEE5FA5B7C8E98046CDC63DDE6E6
                  SHA-512:1BDF111F25729FEA196E883021BF54A82A541C014343E72B6999782A62ED2E7FC8FA0187E59D1FBD56799946144953A825DB6993A31EADA1C3931A49D4A382AD
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..C..C...O.A..N.[.A..N.d.O..N.e.G..N.Y.G...wY.@..C......we.G...wX.B...wZ.B..RichC..........PE..L.....Z...........!.....|...l......]y....................................... .......~....@.........................@....(......d...............................P......................................@...............<............................text....z.......|.................. ..`.rdata...R.......T..................@..@.data...............................@....rsrc...............................@..@.reloc..P...........................@..B........................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_log-vc120-mt-1_62.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):557568
                  Entropy (8bit):6.48120229028861
                  Encrypted:false
                  SSDEEP:12288:sQdwfbwtY7+eV90abHbdd0xMaKNFEdijeCdPjpTb3qZpWvBnzD5r5:4fbwtYsMamFEdZCFNTbLr
                  MD5:9B8124F0EA01E6AD944059CB70DF9D8B
                  SHA1:6D4E0F02B38BED48B8447163CEAC8D6BB316A7D0
                  SHA-256:61425DD9CBAD197BA255CDA30F0CA2DB9FAE36311EECB811F71FF6BCDECD3AED
                  SHA-512:285FBA5452B4221C6D8415E40255CB61FA0BB79321F53858F50374966B11FFD977FC5146C66B25E132479586A56266DFE984AE0B69DB1EB77E4E459B335066C8
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=&..yG.yG.yG.t...qG.t.=.uG.t...}G.t.<.~G.....sG.....rG.yG..F...<.SG.....xG.t...xG.....xG.RichyG.........PE..L.....Z...........!.....~..........!.....................................................@.............................X............0..p....................@..(q......................................@............................................text....|.......~.................. ..`.rdata...9.......:..................@..@.data....X.......P..................@....rsrc...p....0......................@..@.reloc..(q...@...r..................@..B................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_log_setup-vc120-mt-1_62.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):519168
                  Entropy (8bit):6.450744296489809
                  Encrypted:false
                  SSDEEP:12288:lJbkc+IMTsiKkifok9huiimdj9ca2tnUZYfGstN:lJbkc+IMfihuvmdjAnUZYeqN
                  MD5:B51FE612D5BBF8FEDC0773A33D7CB5AE
                  SHA1:6075E54845D482F45264B1C90A979D2CE3BDF026
                  SHA-256:21F27F43142DE13710D977B3D781AE855E6E045B610BB79195B4901C1E3EC0D3
                  SHA-512:1CCCD1B096E4DCC43A251326526E35AFD4216E9AC441A7E8958C39A22F86B7FF2A6F1097C19390E354D0549FC3C203A63DEF6355D0D29A82F672320268B1E8AA
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........K..............:...............8.............n........}8..............}.......}9......};.....Rich............................PE..L..._.Z...........!.........^......h+.......................................0......w.....@......................................................................j..................................@...@...............0............................text............................... ..`.rdata..0{.......|..................@..@.data...H.... ...t..................@....rsrc................~..............@..@.reloc...j.......l..................@..B........................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_random-vc120-mt-1_62.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):5.72687015177152
                  Encrypted:false
                  SSDEEP:384:mJdJeQsfA+TrXV63qgJIuFDVXI97Q9hjdA7:CdJeQsfXTrs6gy4MQzpA7
                  MD5:0696BD17423B604ABC3A364FFB92B139
                  SHA1:DAA41DCDC388D17F7296322CED8A42C6B87CFB55
                  SHA-256:0645FB123611CA566C97A480A2CA01C18D199DB14C60A3CAD430B1F2EC717F93
                  SHA-512:2C8BF3B29C847EA7B9E1CC9B4F6C187299272C2D1374E5C17B031DC37C719BD995802CBA7FFCB71BB13B60DCCC04407A76201DB27791246AA12B97F3240E543C
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........X..9...9...9...ka..9...k^..9...k_..9....u..9...kc..9..t.c..9...9...9..t._..9..t.b..9..t.`..9..Rich.9..........PE..L.....Z...........!.....*..."......#........@.......................................5....@..........................L..}...pN..x....p..............................................................@C..@............@...............................text...K(.......*.................. ..`.rdata.......@......................@..@.data........`.......D..............@....rsrc........p.......H..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_serialization-vc120-mt-1_62.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):209920
                  Entropy (8bit):6.381025902729873
                  Encrypted:false
                  SSDEEP:6144:HDHvPbeknLlSqY31TfZnvi3b/xPrVwVijkjI6hzWEOc9MiV/Vsjzj1gpafVwVsjM:HekJfY4M
                  MD5:55A528280D2FAB1DF3227905F3C4D6F1
                  SHA1:A61C0BA92198A9BB485A58B895E53AE54E4832AF
                  SHA-256:4D527949B2943C6751D0B41080C25A9473F7060AC92933A79B5BAB579A37A56F
                  SHA-512:ADB5D2D6EE7F81448EBD6BB0F6A152C480D991A0D4B402D6517C74A75B0C2D8E713E41003EBD1B3E93BC2EF3F24F194D9BF788218863776A8594FA67C7B5A471
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........R..........o@......T......k......j.............V....|.j....|.W....|.U....Rich...................PE..L.....Z...........!................'x.......................................p......>`....@.....................................P....@.......................P.........................................@............................................text............................... ..`.rdata..............................@..@.data............~..................@....rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_system-vc120-mt-1_62.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):16896
                  Entropy (8bit):5.8080231492629295
                  Encrypted:false
                  SSDEEP:384:TG+rX+iX15/4dtcRR7xLDpP0vfhI9VQ+jV3yzi:T9rX+415/ot87xLFsuQ+R3
                  MD5:081A8153C22C064AEE11CE93AF8AA72F
                  SHA1:2AD8568AE1B190C2BAA929900BF2E0D09D1980D1
                  SHA-256:89CBEA1F3441DFEC6127EAAEC6C963A40DB67A0FBE3727D17FD8B7DF00F82A3A
                  SHA-512:B3CDE83EA24E1F726ADD33D0E3C7F315DC75BE99E9DE52E4A8E72A130BB05FE2A51FE8B57CC71F6037B64E6CE28A4AC70B216999EE5EB4E5DF4EC6D5AFECEA83
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x..f..f..f..X...f..4..f..4..f..4..f..f..f..4..f..0...f..0...f..0...f..Rich.f..................PE..L...f.Z...........!.....&..........#,.......@.......................................o....@..........................G.......H..P....`.......................p..P...................................@B..@............@...............................text....$.......&.................. ..`.rdata.......@.......*..............@..@.data...L....P.......8..............@....rsrc........`.......:..............@..@.reloc..P....p.......<..............@..B........................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_thread-vc120-mt-1_62.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):83968
                  Entropy (8bit):6.174136876271157
                  Encrypted:false
                  SSDEEP:1536:NW5D50y4GMtt/Pa8r9ooQZ6xXbbkn1/TRUCzRtwWQqLhEuWoexY1tcOpLECzoPEN:gF0y4GMtt/Piz3n1OuWW1tfE2PNS22NK
                  MD5:C78B395A5076E18F71447B9177C808E3
                  SHA1:347F0C28034FF9266B395B5B747DAA329788F481
                  SHA-256:7D79BAED96D576F7566C853195E951814D5C2885DE7050819F209B0DE57831FF
                  SHA-512:922C20687DF3DD5BA8B547B66C767F474759FEB467010149BA83A7179EAAC710413B0BF20AC68A5FEF8B395227BD3B6FD3DE1E98EE9C2BD8B9A611FA1D728029
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........||@../@../@../.b./B../M../F../M../K../M../D../M../D../.../E../@../.../.../D../.../A../.../A../Rich@../........................PE..L...q.Z...........!.........x......................................................:B....@..................................'..x....`.......................p..........................................@...............D............................text............................... ..`.rdata...P.......R..................@..@.data........@......."..............@....rsrc........`.......0..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\boost_zlib-vc120-mt-1_62.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):70144
                  Entropy (8bit):6.730762611625405
                  Encrypted:false
                  SSDEEP:1536:eWt2qIyYqq+Ib0qaehKyU41Msk1602g5TRinToIfpIOQIO8J/:Gbyrq/VhKy91MskA02iTATBfDG8J/
                  MD5:F5C8BA6E10B71BADD3F389CE6A2B4536
                  SHA1:7A116A554F79CF72458C43617FA35A88A35CEDCA
                  SHA-256:559DFBC879BCD1ACE1998CC8FCEA3B66723D5D740DA3EE4136384CBB1729C0AC
                  SHA-512:0A9C2A9710E472442B93136F2C4CB2E357555C43954279BA778BC21C64B1CFD55EEB20C0FDC47CB78EA736A9F11CB7F340AB2900C21C30F72BCBF73947C7EC7F
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3R<Xw3R.w3R.w3R....u3R.w3S._3R.za..t3R...r3R.za..u3R.za..{3R.za..u3R....x3R....v3R....v3R.Richw3R.........PE..L.....Z...........!.........X......}........................................P......CP....@......................... ...Y...|...<....0.......................@..(...................................X...@............................................text............................... ..`.rdata...M.......N..................@..@.data...X.... ......................@....rsrc........0......................@..@.reloc..(....@......................@..B........................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\c.fxo

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):1504
                  Entropy (8bit):3.2440500618791672
                  Encrypted:false
                  SSDEEP:24:7RDSvjbFCqKsvw4SNL0vKsvJvrfQmP/Ksvw4SNL0vKsvzJRc:FCnFCqKs/SNL0vKsBvrfTP/Ks/SNL0va
                  MD5:1B0CDB424FB6FD0047DFC95F08B018E7
                  SHA1:70587F471D9718778ADF4E3ECBEFEC3157955110
                  SHA-256:0C26950BC4962B399AF532A29A7E311BF3420D1F60BF2DD2CFAA3445A6639417
                  SHA-512:DF34691181F4AD71E376DC7F6B839CF10AF538E03E38962D37C3F03DE9FDE1C6B18D3B08044627625E62604E400E43C5462BAC05A95A6A36738C9BB76D29C1A4
                  Malicious:false
                  Preview:....<...............`......................................................................................._20................................................._21.....................................................................................................................................................P0......_22..................... ...........h...............4...........,...................................................................................................................................CTAB....#.................. ....ps_2_0.Microsoft (R) HLSL Shader Compiler 6.3.9600.16384......E.PRES..XF..$.CTAB....W.....XF........... T...0...........4...D..._21.................................tx.Microsoft (R) HLSL Shader Compiler 6.3.9600.16384........PRSI................................................CLIT........FXLC...................................................................................@.........1.CTAB....................... ....0...........4...D..._20.........

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\cert\ca\avgcacert1.pem

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PEM certificate
                  Category:dropped
                  Size (bytes):1692
                  Entropy (8bit):5.890598112050173
                  Encrypted:false
                  SSDEEP:48:LrcUqbFguInu6hFwE7AltHdR/eJtYzXrIAXRbVLvYiWX:LrcUOd6fraVjGj+r/XZVLm
                  MD5:F2D8E57D3CE77BEBDB9A44E111E37B0F
                  SHA1:24660B254EA18A1DC90B447283F63E934231C14A
                  SHA-256:593C93CC3D51AFFAEF959C57675318154248E1C14C8317A8E1F5A204653CD641
                  SHA-512:194040CCD8AF6F8666E73DC9072AFAE7961BAA12E92715C2746857BE455A4DC6832AAF10AAB1F9B17A35C031F4885604C1F30C5E12585D3B4B6FFE37F807E81C
                  Malicious:false
                  Preview:-----BEGIN CERTIFICATE-----.MIIEszCCA5ugAwIBAgIBADANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMCQ0Ex.GTAXBgNVBAgTEEJyaXRpc2ggQ29sdW1iaWExEjAQBgNVBAcTCVZhbmNvdXZlcjEX.MBUGA1UEChMOQXZpZ2lsb24gQ29ycC4xHTAbBgNVBAsTFEVuZ2luZWVyaW5nLUlu.dGVybmFsMRswGQYDVQQDExJBdmlnaWxvbiBDQSAoUk9PVCkwHhcNMDcwMjE3MDEw.MzMwWhcNMjcwMjEyMDEwMzMwWjCBkTELMAkGA1UEBhMCQ0ExGTAXBgNVBAgTEEJy.aXRpc2ggQ29sdW1iaWExEjAQBgNVBAcTCVZhbmNvdXZlcjEXMBUGA1UEChMOQXZp.Z2lsb24gQ29ycC4xHTAbBgNVBAsTFEVuZ2luZWVyaW5nLUludGVybmFsMRswGQYD.VQQDExJBdmlnaWxvbiBDQSAoUk9PVCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw.ggEKAoIBAQCl1mE+kjpHWa3rjCyTa4Q1B+xMVJbcwXZjqg6Gy5YNTKKlfYGLB/IW.cKF6AOGccChZg4W0yceeJ8cHlvwugTVl2i1ka4uaZ03/idEIeqOIml9Pl9gF0rkc.NzuRMpHJT5SVFuYxBJPOdhkpJzceNQOXHVlTX1inF0J82lw78kK9Cy7f3JaAxC7T.Ukx2qbqgFfmtZTS8NOY8dHckAqpjzSVUaQ3QVsjm8huycEXliVcsGZgZUqRyXTk+.9XA2SB2leZ9RlzNDvubI+SckWW2LHieXJhnk7cJrGeIHNK6oF6eGdEo0ANiK+Nuk.RxM9YIPL72EtXypR1Uwp+4LGoW1cSqqvAgMBAAGjggESMIIBDjAdBgNVHQ4EFgQU.C466CzcRRuGmq595fFKDzm6dqi8wgb4GA1UdIwSBtjCBs4AUC466CzcRRuGmq5

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\cert\firmware-ca.crl.pem

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):1202
                  Entropy (8bit):5.969561917106845
                  Encrypted:false
                  SSDEEP:24:LrxboP1bqmZ287tWgSUMMv5Zr6UIan8Q/5ZkVAexYaefgZd/tsy9XdlD3twDnJ4q:LrxMJZv7tSvMBZrZ/ZhexYk9t3UJw9qD
                  MD5:8959753465AC6B696A5E57A2DBBC7587
                  SHA1:BCC8B04AAA6DE9BF8085E80E2439EB37B718FD78
                  SHA-256:2570437DA8B44F0C6E50ED1AF8D0EFA8C92FE0734AE50FB39C1117DECAEEB644
                  SHA-512:47B30B740F3420FE58E3CA9F7480E672BA6B4AFD65590BB0B074CF2179CFCC66CAB9F38392AC6556C0BC8C5388756CEC9B175F481AAAED9AAA9E707369D68CE0
                  Malicious:false
                  Preview:-----BEGIN X509 CRL-----.MIIDTzCCATcCAQEwDQYJKoZIhvcNAQELBQAwXjELMAkGA1UEBhMCQ0ExETAPBgNV.BAoMCEF2aWdpbG9uMR0wGwYDVQQLDBRBdmlnaWxvbiBGaXJtd2FyZSBDQTEdMBsG.A1UEAwwUQXZpZ2lsb24gRmlybXdhcmUgQ0EXDTE2MDcyMjIxMzgyMloYDzIxMTYw.NjI4MjEzODIyWqCBojCBnzCBkAYDVR0jBIGIMIGFgBSo1HP8R7wZcaWgSS/iSUQ+.A+/cR6FipGAwXjELMAkGA1UEBhMCQ0ExETAPBgNVBAoMCEF2aWdpbG9uMR0wGwYD.VQQLDBRBdmlnaWxvbiBGaXJtd2FyZSBDQTEdMBsGA1UEAwwUQXZpZ2lsb24gRmly.bXdhcmUgQ0GCCQCAurk3mOp22DAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQsFAAOC.AgEApNjPXWNdh6augPmUoIqXo71qPJrYxkzNH7zEeajF8cfLCNc5eFImwZiawo1C.kFqSkRmLtSFdRgivSimaUWf9ZJ8RHGyDFsN2yqIODi/wdP52oqGD+/NgjUJsqI5J.O5EUSUWUj3ANVy4IwpwGYvsVnX0+M/bH5uK92nLny/BfpOIVPdAMEvZiAUBkJViP.3SBBePQdtFQmxkANKM4b8MjuhX+Am/BNt2/42dQD7UJOVlKqaNWbny4PnT2bNmDj.6t4OPT8/F5CD6cijLBQr3hnMHtrPHDFh+ArSoRRz7OJ3RZ/S5H55WTO+u4mS2fKk.vSATHDpAk+cf7Pu9FBQ9Fa4e+MlhGo1Q9MV/rJ+1qQJ4VIgole6HnrCAA9JZFsvO.b19U66BBX7VLqVeR0qu92OceLBWjx4IPCy0pmfT+5c9ljTzN28r4bhTk2yFW1thY.oWTn0ZWmO5rGXNzog9ecKA+gDVC1QNgl8nRjfu3C4N64QMuQW8xz+p5EhXOWkWl5.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\cert\firmware-ca.crt.pem

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PEM certificate
                  Category:dropped
                  Size (bytes):2175
                  Entropy (8bit):5.971961612649058
                  Encrypted:false
                  SSDEEP:48:LrcXGO9LzEbtko2n1z5gUy0pb/v0QHMBkHBRHUk4HSHk9b3vQt5V:LrcXGaXEbC1Pvyu/vbR0bHSHkB3Y7V
                  MD5:D2FC33C9046E2DA28D14D31BA09543E5
                  SHA1:EB39BE14CFC51AD8F6597567219C545F306C8536
                  SHA-256:644CC9D7A232CF7B153B7AC913A4D42D6E17A6ABA7B23AB96BB8327DFCBEEB24
                  SHA-512:15D04BE3E7097FE5AE349624E73E512221EACB2DEF79EC49B796401A3B001912CE35F84CF7BC2719C3271066BFCF281457A8990AA39F72C7D2AA05EF73744D83
                  Malicious:false
                  Preview:-----BEGIN CERTIFICATE-----.MIIGGTCCBAGgAwIBAgIJAIC6uTeY6nbYMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV.BAYTAkNBMREwDwYDVQQKDAhBdmlnaWxvbjEdMBsGA1UECwwUQXZpZ2lsb24gRmly.bXdhcmUgQ0ExHTAbBgNVBAMMFEF2aWdpbG9uIEZpcm13YXJlIENBMB4XDTE1MDcy.MjAyMzcxOFoXDTM1MDcxNzAyMzcxOFowXjELMAkGA1UEBhMCQ0ExETAPBgNVBAoM.CEF2aWdpbG9uMR0wGwYDVQQLDBRBdmlnaWxvbiBGaXJtd2FyZSBDQTEdMBsGA1UE.AwwUQXZpZ2lsb24gRmlybXdhcmUgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw.ggIKAoICAQC6dwuQ6qnC/DlfKSh7wcfCSd1k3uRqvWIpOE+gindLFyqDh5NBTnYg.cNKb91B9dybrgsg8jd4Fy0bW9+gZtBawlZBtvwP8aFUh0liV5TuVKg9Yl//dA7wv.NEveOpe6DZ4Q37KrAfXp9dIY1L9xOUc1QVBZj+IO6o2OrMsoQIcg/gNgE1KSxnhZ.nhDsR8UxUND/pEMoBOxv9b3rTu5a+xUrX3zCbHrXgL6KV6dMMlW6Libf1ujNtZp+.OqSOSuTM/rWVMhpyG5ENvD5wQtGMPrzYSZpFmdQHpquLa0QMMtIaaOS1wiejLCwT.KvNWpqk42aJ25XdREffVyKGgir8hhauQV/RfbQx4ZKovtw5Xjn4NGAJiYMeuELas.tj7jgMCorhLSptt1iT6Ux9pt9AxAZDhGbQFY8YnTO/2vOGl6Pu64vEajAJ4xCTxS.4HlhgHZ6Y7L0PykcqbkRAQK/v9HUmIvFj6MG8mjmCNbiAUCqRIfaPPkEvt1/v65E.OPbLS6MkbbiUB7pnMpuIanQZUepboiMc4axkXtn1nxBnxX12qSVuEYsXF9QAo9

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\d.fxo

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):1724
                  Entropy (8bit):2.642074949555477
                  Encrypted:false
                  SSDEEP:24:MyMTfC50uSD6oYb4V/4uXid8GU2KsvP5oAyIrKsvZrrlkueyy:M0509Wr46uXiXU2KsJXyIKsUt
                  MD5:40B5092A4F60910E5A6AD8902E27F42D
                  SHA1:C4F0EE34BBD43CE8B1A2BB860C8F8CC540551127
                  SHA-256:2AF929D3E90B5F02C743C6C22F19259E0447F4B6D9BF5F4AE3B2DA8933B62D04
                  SHA-512:9E72F91E62FD27EA0E5D016F776E1F3BE7D23311C6E7ACA748C3E338A2D80BED61BFC2974883E3E2DBEA7B118EADE0BCAEF4D2D00E571487D39431DE25A8B313
                  Malicious:false
                  Preview:........................................_23................................................................................................._20................................................................................................._10................................................._27.........P...............................................................................................................................................................................................................8...4...........P...L...........p...l......................................................._31....................................................................................................................................................._32....._28.................................$...@........................................... ...............................................\...X...........|...x...................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\d3dx9_34.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):3497832
                  Entropy (8bit):6.592949657599112
                  Encrypted:false
                  SSDEEP:98304:PWm3Mr7ScWXx1XbhVBhe+C0cJQN2Cr4j0HltQsxJzKZSg:OmwScWXx1XbhVBhe+C02JCEjI7JzKZS
                  MD5:1CA939918ED1B930059B3A882DE6F648
                  SHA1:0C388397620CE0EDBB362BB3AB2D4A9F31A56B6D
                  SHA-256:B6F77F06518D35345FB61172B6A13159125ED60C469D28B1A2E07970E9DDF81D
                  SHA-512:D1E09DA8551E588B8D5D5837A79DA9AE4DDD6A372457D3C341E68E3DA07C0C1E84DECADEA9534CC87EF9EF38C094171004F836E6F74831FD6531CE72AAEFEB5E
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]W...6...6...6...6...6..>...6..>...6..>..H6..>...6..>..]7..>...6..>...6..>...6..Rich.6..........................PE..L...\AIF...........!.....`2..j......;o&......p2...@...........................6.......5...@..........................B2..,..`32.d.....5.x............:5.h%....5..A...................................X..@...............$............................text...._2......`2................. ..`.data........p2..z...d2.............@....rsrc...x.....5.......3.............@..@.reloc..lW....5..X....3.............@..B........................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\e.fxo

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):7152
                  Entropy (8bit):3.1094097907696816
                  Encrypted:false
                  SSDEEP:96:NHH0Ow0wd0v8viurHNOrKw1qiKllpH0Kc2d8SPVE86xKUWegqRGsg5KHsqyyKM7m:pgviuj+14lpHnOSPSkelXfyMHO3
                  MD5:9EF8E07088D877D518BAF92D4855854F
                  SHA1:02B7C1CE931FEB78233C5F128FA48057D0219D87
                  SHA-256:34F6B69A80FE8853B43718825DAEAED65AE5B1F84D03891135CA2D3D3ADFF8D2
                  SHA-512:6200740C195CA858E4DB40BD6CC916C2C506A027FEDF4839CF363E8527331D1D00A2F9A13292B0AA5ED8EAC537E1F3CF756B2915D5CEA2D2A116B598F4620204
                  Malicious:false
                  Preview:........................................_59.........<..................._60.........\..................._61....................................._25....................................._26....................................._53....................................._24.........0......................................._18................................................................................................._20....................................._54....................................._55....................................._58.........4..........................._56.........|......................?.....t.?...?.2....6....?...?........_57.........................................................................................................................................................................................................................................................................................................................................4...0...........T...

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\fisheyesw.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):720896
                  Entropy (8bit):7.331076905821242
                  Encrypted:false
                  SSDEEP:12288:eGekgy4OVQ3pf5LY1SWLs2psCV0rLBzHrLBzTrLBzTrLBzTrLBzTrLBzkr:njQ3pN8/srLBjrLBnrLBnrLBnrLBnrL6
                  MD5:CD3A8373D8DC1F7C662C51C05B7CF0EF
                  SHA1:EE37D167AE6D18F06E41B46B785BC69C44500A00
                  SHA-256:82D0725F76EAFF473FEDD437D8D5B889B450AA47F0DD377B9D35F02C31CA3D8E
                  SHA-512:2732475C9BA70AEDF8BED1CE0A9EF0230BCA8A3B393BD707A1CDD1690F18CC86CD22D7AB3A5D4533F292ACFD2ECD90359CE69277769E8188F7305122D541124F
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........:...T@..T@..T@..@.T@..@..T@..@..T@...@..T@..U@..T@..@..T@..@..T@..@..T@..@..T@...@..T@..@..T@Rich..T@................PE..L......W...........!................*........ ...............................`............@..........................+......T...(.......0.................... ...;......................................@............ ...............................text............................... ..`.rdata....... ......................@..@.data...D....@......................@....rsrc...0...........................@..@.reloc...;... ...<..................@..B........................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\freetype-6.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):757760
                  Entropy (8bit):6.400855830688071
                  Encrypted:false
                  SSDEEP:12288:CHDGpdRu7MdStRmVSxWy155XRWJql35Juad3NfEWmnE:CapdkoSt0AxbXoJe35WZ
                  MD5:B2A28844BA57C2BAFD6CC94D307B27B8
                  SHA1:E7C1FAF6E87F32A3A4DBB4A4F4756AAB135AEA6B
                  SHA-256:1A8F69FFBD90DED4D8E8D00831BE749C3B7D003AF0A27BD9C4C23478E57AF62B
                  SHA-512:7EEBA82445091C292D02D50FB66A397A65B5D0D420B216144C9906595AE184E7D28DC7047ED70E9A3FAE2FC6012B83AC274B357074683D1FA66C53A00171A98E
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u...&...&...&=!.&...&...&...&.'&...&..&...&.&&e..&U@&&...&U@.&...&U@.&...&Rich...&........................PE..L.....Z...........!.....d...F............................................................@.........................p0......(F..(...............................,'...................................+..@............................................text...Dc.......d.................. ..`.rdata..(............h..............@..@.data....O...P...2...6..............@....reloc..,'.......(...h..............@..B................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Common\InvestigateEvents.htm

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:HTML document, UTF-8 Unicode text, with very long lines
                  Category:dropped
                  Size (bytes):9925
                  Entropy (8bit):4.375880833322032
                  Encrypted:false
                  SSDEEP:96:esRJRfKf3SSPoVmS9RLrVsQTQlRVqEMr2gi/wv7PavhL:eGJRfrVDnPklRVwI/8qL
                  MD5:DAC5BB0191F5AD21A2D4D8B3C0D22CFA
                  SHA1:79804D06011E658F89C7D975EE67D359B2778CB7
                  SHA-256:A6B1828448A4139F9C57FB4DA28E2B952EE0DEFAE63ADA4F391060F27BEBA29F
                  SHA-512:6089E3627820F056581A5B9CA2FD2258A524CBB880977967647EF0594CA1B8AEC1D5BFFFCAF18954FF7FE3DE73B7D096DFDA14690BACC1BCC13F5FFE861DB149
                  Malicious:false
                  Preview:<!DOCTYPE html>.<html xmlns:MadCap="http://www.madcapsoftware.com/Schemas/MadCap.xsd" xml:lang="ar" dir="rtl" lang="ar" class="_Skins_HTML5___Top_Navigation" data-mc-search-type="Stem" data-mc-help-system-file-name="index.xml" data-mc-path-to-help-system="../../" data-mc-has-content-body="True" data-mc-target-type="WebHelp2" data-mc-runtime-file-type="Topic;Default" data-mc-preload-images="false" data-mc-in-preview-mode="false" data-mc-toc-path="">. <head>. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <meta charset="utf-8" />. <meta http-equiv="X-UA-Compatible" content="IE=edge" />. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>....... .. .......</title>. <link href="../../Skins/Default/Stylesheets/Slideshow.css" rel="stylesheet" />. <link href="../../Skins/Default/Stylesheets/TextEffects.css" rel="stylesheet" />. <link href="../../Skins/Default/Stylesheets/Top

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Common\for_more_information.htm

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:HTML document, UTF-8 Unicode text, with very long lines
                  Category:dropped
                  Size (bytes):15543
                  Entropy (8bit):4.848277990182759
                  Encrypted:false
                  SSDEEP:192:eQJRfrVDnPklRVwbqrVFkdQu+c+0tI7+c+xtITPnIKmmTF7VKoFuUJZ88cj0qL:eQJRf5P8MGhhhqhcTfIKmmT5VLFCNv
                  MD5:EEB7BA1D234C4B3257D397D5FD7B425A
                  SHA1:C1B4080F76B123B05198F8258911A873209FA284
                  SHA-256:54D3D9023649A12D039B24DE1988418D2041CE886FD6DDD8359B73983FC7C215
                  SHA-512:37E997A8EBED3FF61FD98A1DAE206AB2274928156C6B94068007C2A481A41C89B127A16AE8B42E19987674B4E7969489CA494C6CEDD6EE1F3B369F1D085C98FB
                  Malicious:false
                  Preview:<!DOCTYPE html>.<html xmlns:MadCap="http://www.madcapsoftware.com/Schemas/MadCap.xsd" xml:lang="ar" dir="rtl" lang="ar" class="_Skins_HTML5___Top_Navigation" data-mc-search-type="Stem" data-mc-help-system-file-name="index.xml" data-mc-path-to-help-system="../../" data-mc-has-content-body="True" data-mc-target-type="WebHelp2" data-mc-runtime-file-type="Topic;Default" data-mc-preload-images="false" data-mc-in-preview-mode="false" data-mc-toc-path="">. <head>. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <meta charset="utf-8" />. <meta http-equiv="X-UA-Compatible" content="IE=edge" />. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>..... .. .........</title>. <link href="../../Skins/Default/Stylesheets/Slideshow.css" rel="stylesheet" />. <link href="../../Skins/Default/Stylesheets/TextEffects.css" rel="stylesheet" />. <link href="../../Skins/Default/Stylesheets/Top

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Common\third-party_licenses.docx

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:Microsoft Word 2007+
                  Category:dropped
                  Size (bytes):394106
                  Entropy (8bit):7.991397870392322
                  Encrypted:true
                  SSDEEP:12288:vX9RqF22M47E0zHfzcNH+q81ao2aAxiCoI:v7qFd/7VfEH+q8U7xi5I
                  MD5:36FCF4498210176F03F9F6399DE625A4
                  SHA1:1FFF2FC0054F6C20A2F3F23223620FCF25DA8D24
                  SHA-256:443EE1AA2C12C914F91CAC12BA4A75A1D1BA692A2D06393997715F080F5977AA
                  SHA-512:9D8C5CE823D164E55967B8E06F2A78D518338B208EE9EA95C821492A6557A4AF0CC3F9EB87CD96FF9BF2A4DAB06BD2BAC26A33AB83BFBEA2EE6644323DD2A6E8
                  Malicious:false
                  Preview:PK..........!.v..z............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................MK.@....!.U...D...?.*..u.;i....Ik...~...).....y.g.....l.1i..v..Y.Nz..`..O...%.N....l.....F...).i..6C...'9.+R..8..>Z.t..<..%.....k..Cp8.Z..G.P..`..M..$.Lb.....*...h)..|......!..UO......V....`3.B.D. {........Qq.eei2./....RKh.k.....(sk.b.v[.6.Y%.......k.!]....z.QC...,\e'....a4............H.}.l.;..0y..x'H.=:.}..F.....a.|P....&[S.x.?....>.6..H+....X.....VL...;........#I.}>......W.w........PK..........!.........

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\ACC_Menu.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):216
                  Entropy (8bit):6.684977432648311
                  Encrypted:false
                  SSDEEP:6:6v/lhPW/kW8Rzko2ThRC7jv018jzazl7kl//kup:6v/7usW8zko2ThwHM+X8Y8c
                  MD5:A95C4F29A6F87AE4892B81611FB639C9
                  SHA1:407AD43E124CD76D0A2CDE2743DE4584E1CB8035
                  SHA-256:D8C00FCBED92E06CD28668C5A65C5F8EDDCFBBB5F2983D09E6BD61E6AFBA9128
                  SHA-512:27CCABC604E685C0F2F27C933A0BE6BC21E2D24A0BEF48B6FCE460C8057068C7532E14B9B3A07463013B9F855DDA63E6DB593DF422CAEF172AFEBEFDABDE2F79
                  Malicious:false
                  Preview:.PNG........IHDR.............V.W....sRGB.........IDAT8..A..1.E...t.t.....3....FwC.0.P...6..+q*#....C.B..$.....r.K..g*...s....{1......@@}.>eH..W.S).R.8..7^<.dZJ.-o+....amE.......[|.>,...........IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\ASGraph.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 639 x 90, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):3397
                  Entropy (8bit):7.672958493572793
                  Encrypted:false
                  SSDEEP:96:x6VgsgLgsgLgMpXDTHBERNCDJ/HWfoBRonRjvkNcuchPjc3:x6VgZgZgaTT5HWAiBhPY3
                  MD5:7634611191F128CDD0D1A4C0380A1F55
                  SHA1:6FE59C13403075F008C43893F3581AB481B09F9A
                  SHA-256:29520E685779D614F8727A48D82B5A41B28EB526DDC7CF6CAF634A8A71B87FE1
                  SHA-512:B968F2E9C37C9CBC409B376835C354F55C78C94EDC9037DBCC9951F6E2E633C4F12E159E96B15611F53C888D77E4AEF468EF93C63020B706525C4E7C081E5C94
                  Malicious:false
                  Preview:.PNG........IHDR.......Z......0W....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...eI...F..L.O..4...?@..02.....D.]...m....D.ME..H6..@..ufd..wv.z.....U..>...U...:Lw....]...@.4..........$r...........R.........X.!...u..h..L...Y........p."+.>....0..@d...V4.............T8...{.[...... .b.c+.?.S..DV.}lE..`*......h..L...Y........p."+.>....0..@d...V4.............T8...{.[...... .b.c+.?.S..DV.}lE..`*......h..L...Y........p."+.>....0..@d...V4.............T8...{.[...... .b.c+.?.......X...aO.>-O.<Y.......%.\..b..}lE..`...9<~.....Y)..v).}...~........2..........Mzn..=z.d..hi...R..>_.wol..14.c..{.......ol.s........_*./....,c..p...^...a._....7...u..9.,?.~..n....q)...<~?....._.~.Ys..?@`O...yX.^...g.^.\.....k.../..i)......+/..../.~.Ys..?@`O...yX.^......./v,..>W..?)g.......y9.~...F...^...4....>......5'...........OO.......5k.@.....S=?...Ys2..}...}.a)..M)..})..^..>..:......k.....+..9.....u..9..../.\..Q.;.,......*..o.../|....5k.@.......T...:.j.l...

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\ASGraph_500x70.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 500 x 70, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):3387
                  Entropy (8bit):7.789158505882104
                  Encrypted:false
                  SSDEEP:96:f663wuBeLAeLM77zycNHy0DEalINpbFd5rUi4+DYMAi:fSASMXzycsPRbwb+EMAi
                  MD5:5F6B6C56CBB5EC01B33926F3B1A3A881
                  SHA1:2AD168C3CA7BE820CFD5F48C746BCDD1C8E6002C
                  SHA-256:D4BC06B8932F1758B45F4813D95F6337E7A6DE069BFB7CCB0D3998EB3A908ADD
                  SHA-512:804EDF58EF1CB99EC244CB593FF23F26C69B1A91A45411D33FC6E4519D88810571FCCBA05AEE4FD3C25DB6623282C8D9489B5144C3E8E30A957CC61E45A4A847
                  Malicious:false
                  Preview:.PNG........IHDR.......F.....:.f@....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...S....q...I;...N.......Lg...N;.&?.4Sf.L.!...T....%QA..1!QD8...*..... ..E.@P14 x....................y..-.....OO8H*++#...P.......$..........222.l...-|.....C.....AJKK...7.-[.l.n.:....>.@N.:.."Aooo.~. .YYY..b.t..!....]=.:...tp......@q.:8.AW....8.......A.P...N@....(.A.' ..A........t. ...C.....z.t..!....]=.:...tp......@q.:8.AW....8.......A.P...N@....(.A.' ..A........t. ...C.....z.t.E..9I........9'-...B!...P..E.?.i..X...'.....A....,B"............dJOO./{.^... .&Gh..V.c?#.<D..M...4........p]x0.@@..1........<>>.\...,B"..m.6Z.b..U...*..}..4.&..ID..JT....o.5<..........)f``@...#.?...V./.=.....M......Q.).J.tg.w.w..'*.~..y...:7h..{..y..}|...m...-.?.Z~. .K.h......\..,....Aw.g.}F..W....7..B....y..z.........C....k.t{-...{..|...|....D.{.>.jB...?"....;.(.wO......6..\...k9...._M...p....O..M..uo.cN9_.........t.!..:{a....Z.j.t{-......9......~..v.v..D..@T.$Q.wu....{.6@...

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Action_Bookmark.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 52 x 52, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):1768
                  Entropy (8bit):7.874251582879652
                  Encrypted:false
                  SSDEEP:48:5ZTqtllnOYTy5st3zyjaxVvnPZagYpH/KKs:/q3R3T/3ujs/7k4
                  MD5:792EF46D7BE72A4F23427BF27EAC91B7
                  SHA1:139F0F6F7AE360907DEB89E92B4BE401CCCAA3B7
                  SHA-256:673B2096C8F42AC8E26837581921173BBD2F033134E46A86F19D5FB06131F05C
                  SHA-512:7D2FF9A353730E92DF0B0E5CD90920E20DBFA84198110CB52C0EC7F62EC09695E2C9A40CB2FE811290E1ED332C5EB8F0A00EF58E5DDAA2E38C4EBEFBB6150012
                  Malicious:false
                  Preview:.PNG........IHDR...4...4......x......sRGB.........IDATh..YolSU...-.!..H.H4A../..>...~ F...1..5.3.3#("1a..E..A@....2!.e..j.cl.....V..[...=.......QMz..s.=......^..'DA..'.dP^2.d..@..q;B$.sK.........$...:.......!.1..%..p...2..H....c?...[.*...3.hk...N.....2.....XR..(.T..8h.`" #....c0.Tb.. H....&$BvCR........&i&.R.G...r. ....... ORRf........I.k$...qqL.;."*..ll.#B|......M.q......-...3..`t.d..a".=.Q...(I.C|.H`th.._.9....[...{NE.B#......o..Zn.8_...bI.O!..L.~...x.....I.Xg...T......r..h....}z....#!UE.@....:.....|#.f>...l...s...g...Sn...K|.c.py.'_X.....z...?.....R..m.._..........g..T..7..R..u`;.....,..F..b.*.e>...+...".,.T.`.3..w..5.C(w.d.dJ.../..^S] dzDyv(t(..0M_......<7.4}.C.G.g.B.........Q...J..9....o....>$....q.v...C.1..9..W...5V:.S.!....w...A1..l.O]..N]Y.L.....u.....-...W'<.=..).w../.;...,p..m.l.-]...V..l._n.X....V...j{.~s.cV[V.)!TQ.*j[.. .7...r...Z...n..j...SJ~.....Y..*(.. "..."...y.....v*...w.x{..........bMy.P.x..;.)!.E.(.l2...Go.....JE..Z....S...

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Action_Bookmark_24x24.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):661
                  Entropy (8bit):7.439622035083495
                  Encrypted:false
                  SSDEEP:12:6v/76/kwtU27yjtEX2PJEw+AeNkIWCd2cO/CMuX88tMwsXwMvanCvyl7:ow377mEw+AskHCFMFL8txsAVh7
                  MD5:43F08B51A8125D7337B8FF9D8FFF79BD
                  SHA1:B80C12001466E24D92D9DF39BD9FDBD78C9922F5
                  SHA-256:72F02B91DE76BC7FBC592E05E2D9A1CBE067782F5F387392F8548C8655815878
                  SHA-512:D09A94E9534CFEC430B87807C6C87B05C9F3791119DA37C49AC7DA9EB2DCA63CE0A79B5CF4AA4007DF71F2ADA51EC65246B748E4C41C2034F9F61467AA62AF80
                  Malicious:false
                  Preview:.PNG........IHDR..............w=.....sRGB.........gAMA......a.....pHYs..........o.d...*IDATHKc.(...LP.L.....!.....1....1..... 9...Z6 .Y.....i..b. V.bU<X....X.....O@...b)E..oU.4e..le....(.....d........|...8.(<.5}.B.....]}....8.o.....F.^a ...N..].(..n..+.....<.o....W..Aq...,.2..._w.*T;ap.h.ez.6.^1 ...N@...@<j.&... ...K...[3o.....AE .*...x..u.{..}.fl>.....-.........%.]4.88$.s.^\..!O.....f..._.......`......B... .._..V.d.QE..Qlc-..?..w/.._.7..(....]T.^.p..._C,.....'X..k....../..._._?...(.r9H..@.p.Y..;.......V..7....oq..p..Jm.g.7O.,....3t...S?...6o......|.....c.H.P`.=y:......\. ...`.$.#~5......2.UJ.>....R.......f..,.l$.....H.NX.......IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Action_Delete.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 52 x 52, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):1858
                  Entropy (8bit):7.862561741697723
                  Encrypted:false
                  SSDEEP:48:UosjXKsFGe1kPh8d9bIWRp9GB1yTXxk5zmGhlc:+jXKsFdkJSIEp9GB1yTXxkVm
                  MD5:1A813437C2EAB0B2F252F27BCD33994E
                  SHA1:55D260E9FA111FAD0F62F6A46D7B807BFE928A32
                  SHA-256:CA12AAFFC981D49910394FB8755075F9935793E77E050EE0BA09403856504DB1
                  SHA-512:142363CB0C06E1F8A29BD08C5C150516C40563B554F5917A9E0424CE6B808ECD173D303672AB813009E200931F409329721306906AF9F96B9081BEEE3AC13368
                  Malicious:false
                  Preview:.PNG........IHDR...4...4......x......sRGB.........IDATh..Ym.TU.>w.....j...Y*h?L.@..B..)A..QJ.P.dE.jd?".a.eE..HXA...$....#m.MMw.u........y..{..U../.y....9.9wg.j"Z.|.9........v&r[..q(;.3..wr.Q....3i..........\g.....;u..H...m."Y8....v..........2u...k..D*......B..:... ..y9....S.6.g...;...x...'0../;A ..up.AqN..2. ...{....d.... ....i....P.@...-E[.. @j..P9..."..I.AP..c.0v....p.........(K. @..3w.....q...3.y...l....HO.f...I.+.s.S..........]..j\t.....b...M.5.J....*...cwg\.9..0.'..:u.....|.K]'z..........8iV. @X' .x. . ..../.._...$6.],no. ..4..!.. ^..;q.l..f.?...m.e.....=S9.9..t..l.#|....i.Q..].I..j.f...R1w.D....@.......e.Uc.d..}..T.T...A..bGp.....M..g..kn.. Z...'N_...z..]......i..R...7m...u..F......).Q.....;..dO...0......z..1...Y..(....a.4=a....>..~.c...N...J-.?-.r......l......".&.XQ&...x...]..+...&... @4f...Gw>%..3\....C.R.#$z.2x...d5..D.d..;.Sy"....-..<.....B...vJ.5..d.v..Tg.)...\c}-.Ik.....g.....(JG.v|v.....`N..r[-Wq.._.>pT..[/U..HU.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Action_Delete_24x24.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):751
                  Entropy (8bit):7.3280386107973765
                  Encrypted:false
                  SSDEEP:12:6v/76/P6gi1QT9Yj2PFXmATu2yiLckjFMxcHr1n1TYJy5EgRwOVEHJ5uwKaj41LT:Da2PTS2yiJjFMxcHr1v5RLZ3ZEsx
                  MD5:E0A7C49AB0C15706C7A49DD20E08674E
                  SHA1:00B23EFCEA4B0F2C460A70F1605E7D5C24D90B6B
                  SHA-256:C03FEADA30B658CEDFAC0C9DCA222213BE6D30334771FDEDB8452CCBD43399D4
                  SHA-512:58EF7788F51D1143B14E166C41663B43570F598254728976E36CB97542D8ECB1D3CCAAD4FBFC308943D5345B73DD2A3077B7C133F789B05C92465FDECD48111B
                  Malicious:false
                  Preview:.PNG........IHDR..............w=.....sRGB.........gAMA......a.....pHYs..........o.d....IDATHKc .0B1....Q.@...1....1/...A. y..H3;........."........I....Y......X.GJ.\@^.M@^.SPA.WL..(...@... .DY..6H.H.$..j...V/..;y......G....6.!@y..:.E ....H.....+....[........./.}.......?|......9S_..-..@A'.. ... /r....YeN.l.=..U.............l.g....+.o.7.u.' u.....;j.....gP.$xL....<.....`...W...?................_/.0....j.V....aDM.k.........s.k{g......o..%;1..G.?....X.......:.>P.R.^.R b.....g`......A....P...........@}.$.J.x....0.@.....pX.. .AlPR...X......>}...~........q....T.....@.".g!..[N............d......?..Y.<......>. .[...H..eF.<...........>........-(....r....-..P.>P1CT=.....T..`P...6.1H.$.RGr..r.H.(..a.:.\Ne......K.}Hp....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Action_Export.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 52 x 52, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):2511
                  Entropy (8bit):7.902542271049707
                  Encrypted:false
                  SSDEEP:48:L9gCXsz/E0wA5XORJ3De4J4EF6A1MebLzYEfwg0A1kl3LzqgyyiiRwjat5U:b8jn5K1DC8TZ0ZzqgyyBwjate
                  MD5:97AA51DC34A643F3BB6D72D08D7F58F7
                  SHA1:6FB1FC8D85108E9B071EC560A679BB81D64B4F51
                  SHA-256:39E45C15286C266C7484D89A83011294F3099891079531C54D228BC86DD002BE
                  SHA-512:DAF8BDC2D11210C2D91ED7B9DF88A2878F19A3EC296465C8B0DB3B6265FBD4A65ED34A0B2AE3870B29CC6475C29BB3449B268D7BB56F780F16847A15EAA6D1DE
                  Malicious:false
                  Preview:.PNG........IHDR...4...4......x......sRGB.........IDATh..Y.PT..~?....."T@.'E,1..b,.$...(..J.6H..4..X.'.L.$h.8.D..&%...'1.if.b.".q.......$..........}....q..3s..{.9..{..-.......Pl..#.S.._.."....A.c|....s.:0_..Gs...-....}.,p..uZ..). P.........1`...E.......a ..@....I...AF."......8I.9.!Hp...`....;. P5P....A. (.7...A.O..:|........F E.. C...........@.D.|.(..2(....1..8.......\~`.D..8.>f......Yn.T...".%B`.J....M...<..@..r.(."#.dq..B.R.X....h...L..c..'...8C6...R.|.........}...&<0..........O..dG....B......6)6w.lA?d..!("..@3.N.. .....H.e.c?5I.!...p..i.m\.0...h.Z.......vE/O.q.L.... ..+...0.v.gl..{b..Q..Xk...v]j.A| ..tf......^...}..=..Y4....k....M.....(L:..|Nf..(g.....g..M.qb...0F....')....o.~......W<.......rk.Vk..!;.!..&.'.9i.....;.,...d.>=-i...........A.#qKw..x...1UO/0$'&>....r.A/7:C#.I...k.s.zGe]c...~a...<x...W.F..V..T.;/.&....4.@C.+....t...)j......;;...`9.xf9..r...5vCT\..s.8D0.!...v .h'~..D..X...!..z~..8..xH...k..........m.C...C....D;#.5.....V..;..g....3

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Action_Export_24x24.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):851
                  Entropy (8bit):7.539047620513781
                  Encrypted:false
                  SSDEEP:24:FmXpFvx9QxW4ZlpoKzBEJ8mNtI/sNNU6zI:4XpFp9D4ZZlP/sLU6zI
                  MD5:C93508124BC9D7829C11A22BDAF0D416
                  SHA1:54D922EB8C6C3DFF3E8129E7EBF320E29430F577
                  SHA-256:D1C8534430DAC03157BF731FCC1D277BF5D79F214D4E85EA5393239BC299911C
                  SHA-512:9E1B1B101A81BDB093F7544B1553D0A344C2DBAE06ED5DEC9F3A0586A1C3660B934D81CDBAB7B47F6FB313CECCA592A62BD17DC4680EE9CB86731367713A91B8
                  Malicious:false
                  Preview:.PNG........IHDR..............w=.....sRGB.........gAMA......a.....pHYs..........o.d....IDATHKc.(...L@...X0H...A.H. M C.......X....1..s.1.2.,...d...+..&.k#a._.........A."......C.R"..l....-.j.......=.f.V5.....I}.Z) ..b.-.)..,...?....}(...K..>.% ..|O..,..(...j.V`..u.......]eee...(.../....(........G.z...T.}A.....+s&....=k>[.v/....8P...l@L.......l...sw|........'...'.Kx.N^.5..|..........*...&.9..'...@.........+..OX....0.t.Ap.....W?}...E..X.*...X..u.S;6..:....+._...iT...9'.~...j...c.(.y..k3gl8.j.....?...go9..d....:dtlq/.|..`.a.h.\r...z../@..g..h\..*......k..._..E. C.....y.........C.&b,..fq}w.m.LW...*....N.M.-.j........_k.'4.9x.#9.k.(%...".E..M..'.{......?Pa..7q...>P.7...(..y.O[....2.u.IXa................b...#.t.2..........{.....&............f...p...?.....fl..... ...H.(.@.@..(......4D...@...D...0........#.0......IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_BookmarkAllStars.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 35 x 24, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):1060
                  Entropy (8bit):7.699904473816468
                  Encrypted:false
                  SSDEEP:24:JWY6pCYltk4LKXF6sIN7kXUhmBZdEbK2klu4rf9sI3Sur1:JWfpCYlBKYZEdZdEYuOf9sI3R5
                  MD5:7634C2F0081EDF58102386F466E0291F
                  SHA1:B73D4820E137F351F40C07734A8F19F3964F38C6
                  SHA-256:30B13F79FEF1AE385F4EAA5D7CC973B20737E50E6ACA276064EF3C8A6D736E69
                  SHA-512:D9FF8D8A6BED5FAEA9EA8F36F2F52173FE5A6330192A4B36E5F4D9C563D1962AA4FAEADEE369CCA8DE3D5C272F3A74E7A3D31D22D3627EE4D96D0A61E4DF1D5B
                  Malicious:false
                  Preview:.PNG........IHDR...#.........pdD7....IDATH..=L"i.......8..f...ND..c..n"...Wbi.u{..y..m...u..uZ..:(H.....`$.. .:0..5W\dQ....6.O&y.}>...3....C.E=....n2......0^.l....x$I..8`,..f.)..i...W..l6....8@...z=..j}Sp..B....c.W.Qj4...i.w..u.N&......w.!.p...$..d2..UU...t:.>...e2.\__...vw..e..[..:.d.........e.\.....|>....EQ...dl0..q.f...^.....P.Vq~~.j..EQ.N.1??...X..m..q.ln,0.Z....qzz.UU..T..A.^G..E.P...1....q....`..........8...Y..[..X,.t:.UU..t.]..._XX.........A.`2..H...`.. ."*..TU.C...l.b..;../...P...R)...g..v;VWW....P(t$..>.9`.7CQ.&&& .".....<..<j...vA.4.i..a.8.0_t].....0...D8....|G......j. ..ey....P.......}..,.s..^...CL&P.......0L.i.P.........#.........$.K....<..V.Eonn........0.h..l6.f.)?.{V&..077.I.>..x@.t....n.....%..j.e.Y.k....X,..\.SSS.D"X^^F.RA"....%2..VVV....E.......I.....w:...v.a..a|...t..z.(...}ww.A.... .. ........?z<...E...#.p..}.c.Xj<.#...fgg..8.6..,...f.~...{.^.f.....q..D"......'v..p..cY.....3.....v.-...U*...x.PUU4....R...l.....(..R).i.7,..B...w.R)Z..W.m..

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_ExportAllStars.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 35 x 24, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):1307
                  Entropy (8bit):7.779014127851819
                  Encrypted:false
                  SSDEEP:24:JphGPahvNsK5s5gdmxHHa9lwhWPi6IhVBfK5mOWN4KuWNJhTMBe5KaFmrTsBz1N:JphmesK5s5gdWH10ipiWfNJhTee5F4eL
                  MD5:C448F92E332840D2778B82B99AD8A887
                  SHA1:602FE55404E6D8412B1373ED11493742938A4FF1
                  SHA-256:9EA387B8B1E2B43F7362530E2E49221E24126F6D2FB80778C5EFDECDF62F3B4E
                  SHA-512:A107D45E405CCDC7E66AF386B6A5A54317DF6DF681E550BB573C5791754723F28A1E26B617C55F85244A739A16E2229D7D3737F6CD00143680DA5CBE0D84C745
                  Malicious:false
                  Preview:.PNG........IHDR...#.........pdD7....IDATH..=p.H......,KV"......<c...IAa...\{..Z..5...B..&@...$..x.I..;B^}....8!&..T7..4;.....{o.._G.....R.Z.>\__.m.ZG..B.i."......=.$.:M.... PL....D.R9.P.e...I..8.t:.=w..S...... 8...,...x.7G.)%......k...i.(..X[[{..t...PJ..4....q.TU.....A@.^.O.V....j._.|.|..a<.i.p]...H....Z.V.1...W.VgWWW.z...v.7J.@p.EQ...D..>,..y.o`?C.~.... ..A.....b.....|..eNQ.yY._..F.e.R).A.r..V...q...[_.E(...b.r... P..r.X,.,...".L.ey...8H.d.`x.. . . ...0....Q..q...:|.....)....u....B.c.KKK.|..,...q.E.a.-...h4...Qh..B.......G...... .....`P(.0??....1.`.\PJa.6.`yy..R.......0fff..r.{.....w........6..".=.d2.B.677{6}..........0^.~.Z....q.8....u.W.\A>.G&.y.i._.eY.....F...<..f.<.....t.....Q0H$..EQ\QU..a..o.b}}.{{{..8.C:....$...0>>.k$.y...~.B..`.c.8.....}x..A8..{.u}A..l<......5...`x.G&.........#A.ey1.N.........m.....D".p..TU...zi.$Y.k.........lp..rb..FFF.8....q?....d2 ..R.P(.d2.h4.\..I.....J......x.TB....?......`..R.`{{..a?A.e+........vww......122.f

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Play.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):981
                  Entropy (8bit):7.742424671003826
                  Encrypted:false
                  SSDEEP:24:gz2jgfWtLlMQerqEc1uKJ2PI5MvxCxrI5fU1:giuW1n2qEc1uKkgMpyk5M1
                  MD5:5632C225971517C76FD833E1B9102058
                  SHA1:1AAC579B4E49BDF810C9976F6BAF052CEAF3F2D0
                  SHA-256:D13BD7B66AE900CCCA875456D335A9C3D814B2AAF67B21A65ED9541B6C31E17D
                  SHA-512:54FEC30F76D6B7614576B2B1BE9AF183B0E7ED69D249857BA83AFABD1A9FB6A65609F61C9926E23404D346BA4C0DCD3A113DD7F7A670736C995688C2287C3D08
                  Malicious:false
                  Preview:.PNG........IHDR.............r......sRGB.........IDATH...MHTQ..7aM....-..EH...W..-.W:#.$..M.1..h.........]....F].A.hc*D%4c:..;.y3........s.9.s.=..s.ekmm=.N.....JQ.4m...l.....nLy...B...B..!...:...AWBW@...p`..R..- @..Tj...z.8..D~Z....g...X.._..{..7V.................yD... .......|......{(.KJJ.MLL..W*6ooo?.H$...NOO...&@.n..KJ.Q..U......d2...N5R.0${Fd.>...a...,A.....$..0.........eK..2.3G.5..lz.k.X.kkk..y.y&6).%.l.I=B.A*q........*E..)g...cE.C:`...C=.....=A.....t......,..W'X.D....P..N..?\]]....+....-[.......*....y...G.._v..C..r..)...p. ..w..S...~..lM...".bO.V..".xS.....&.)w....=...n......W..T.&]............)..pC+--]D.............X...Qmll..(.........H..p.S.....^4L"..M.-.d...j"z.O....Tg..2.S.QJ:hb*...9.2uM...SC!{,........2......|9....+++.kjj.<%..~...._.a(...xgg....l.3c=..0do.A@..;Ch..d)......1...P......O..N.$.j.Y.!..8.......J.......P.e,.M..........KTY#..z..c.u.q..G......1......#....ulkk.*Ly....H.x. ._.........(....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Play_24x24.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):728
                  Entropy (8bit):7.574307524657544
                  Encrypted:false
                  SSDEEP:12:6v/76/PGA0U71LPug1o0p7gUPsP6mQep3eefx1nKLz7HiYkBEYXZeEuC:P379ug1XMUPsP9I4x5I+Y/YXwU
                  MD5:C718407CF1C54C47925907ECD9A34406
                  SHA1:F823C4D0007DC1D44EB5E16F005C64BC7D89632C
                  SHA-256:B404A6E60777D8082B39486B54F61FD2DD608A52BB45B37E919EE3BE83797266
                  SHA-512:B00E21D3327FC385980B30596F29FC1A8A18AFCB3EDC66776740AE267CA3CCECFB7CEF861EC7372D09CC82AC6869BCDD37AD28DC8FC7CFE1024EDAB291EC5950
                  Malicious:false
                  Preview:.PNG........IHDR..............w=.....sRGB.........gAMA......a.....pHYs..........o.d...mIDATHK...k.Q.......,.B..].'.!Q.L.H..(!-"$...../.r.N...[.......c....8..=.7.~s'.,....J.r.V..0.....4..c....."..H..D.a.n3..Us$M6..W1......_...f.f..>k...d..}..ls:.....Q...7,...%......h4....W.y.AaK.U...'..!.U..-..........}Ll.p8<.v......P*....-.H.....?....s.3...^.Pp...#l..-{..w..........C..S.U..I..m..8.c.?.....vI@..S..=.A#..8....~..=..M.}D!......'..@D.....K.m.O.Mo.....G..|a.......d.z.S.8B.........Sv.......}~..9d....I...j].[..C....j.7.>f~..T..4.V..`..k.3A../..d.U..v.y.K.b.L(.r)...e.1.M..l..9tm./;.....;....u..xt...U....5......'.>..u..i-,....b.ks6..>....m.........ja..^F...'z..m...SP(.."..w.......IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Search_After.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):517
                  Entropy (8bit):7.228229418752146
                  Encrypted:false
                  SSDEEP:12:6v/76pHXjihUTXglHnfF8x0MiFRVBp3x9c+UEDAs6alWCHiL7:0CTXglHNeiLVrB9cnE+IXHo7
                  MD5:5A002C9862C952E72D5279554EF3AD0D
                  SHA1:614E95E6B240749C51BC3FCF387114FF1D7AC351
                  SHA-256:0B2CC5A43CF4EB5A0FF8AE0B48980A8149E4EC03F85677F503D4B890E906FADC
                  SHA-512:186DB70CAE545E438328F3B00D3F44289D52CF0B086F7851B1F4CCC63AD6A81E92FDF6B8D2E9DE98CA4342D6BE32A92521E411E462FE0D276CBEAF0B11A767B7
                  Malicious:false
                  Preview:.PNG........IHDR..............w=.....sRGB.........IDATH.c`......8 66.___...K.p..K........q..%...l..0.........().M.P..33s........l..y..........N.>.=.:....-.......l.U......../_.&$$( K..%4@.}} O`..."...LYT..:.?..........dY`JDEEaL.4(......._..?P.6.FW/..8...H`.n.[.....4(.$.l 2.Y=P........R.....b.@K@)...d.."`P............T.].....1..^..T....u..P...@j..3.e.........|.`... ..d..H..\..]?..U...b........4..L..0yF.y.&.()..D...?.....,..}.h.?0i.E.gD..F**V....M.<.'...D2.^P.s.(.h.* .#.ah....!.........M....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Search_Previous.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):510
                  Entropy (8bit):7.401973382053296
                  Encrypted:false
                  SSDEEP:12:6v/76BIM9YUJtShr3iY6k13Bo6GeyiOaVjvrWCT4p/b:1IM9YUJtShr3d683Bo6GiOaJDVo
                  MD5:0001F5D8D48876E80BF43675E2AB44C8
                  SHA1:C2E878B1BD6626D77CDF5129BB987BCE63205EC2
                  SHA-256:641A5A2A4E3E7B77B3385CE46689D98E7CBF6F5EB461139003B9EDF39A078281
                  SHA-512:F6CFBCE4CA486E70C0D3E66FB4D8E0D45B46167E5A9663CE5A23C412DFA2CCAF1E128F585E470EF8BF77C8FEC7B5BB9FBF8E95EC1A1F94A6691A95C19830CAF7
                  Malicious:false
                  Preview:.PNG........IHDR..............w=.....sRGB.........IDATH..S.J.A...Z.Yl,..(.Z.(..Ii....!.....M.l.B...VA1....Z.].4i.....]"6...f.s.{. L..@..;.....R.L[.U....8o.8.b...Ri..-........q(....,./@.XL.z.G..E8y....U..o....@.7m.~.o1..#..@.Z.?..i.q...n..n!3...Eq=..^b%..'..X.TUU..>[...G.....;.....2A.G.d....3L.x..g$|...q.~.St].......b6(....)..>.`!Hd.Zt.}}......g<..R_.N..i..V.4.\..k.F..n...?X.9.0...E..x...l6-t....`.F9....t:.cI..?..o.D..hT.\..t...`............V.}...d..l..uR.n.~....U.vG.....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Star_Orange.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 25 x 24, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):953
                  Entropy (8bit):7.767463153230132
                  Encrypted:false
                  SSDEEP:24:8T7S3EeN7MoX/9nJn57c0Vx44vLHR0Wcg6lyXnNdCdRhbe:8fyEeN7MoX/9nl57cp4vLHR0gSy3WRh6
                  MD5:F15A2C0FF0B3E67313F907D97F2D5C85
                  SHA1:EF53F761893DEDE7A0439FEECFDB647CD994A78A
                  SHA-256:2833DF54F7E2157C9888B6280FF7819C20BA62EAD4A40691A53311518EB49D12
                  SHA-512:F1DCC748C77AC1D0CDB62E6327E5DA0CC9B0FA8C2027CDD868BB13FFEADF54B3D6A585E13B643692FFE7F0CF58D7B2CFD031EA234C8C2109787D19C9FACD285E
                  Malicious:false
                  Preview:.PNG........IHDR...............V.....sRGB........sIDATH..UYhSA.=.K..Dk..*u.....j.Q.NQ....?AQ?.G...RA...Z...."b@..nP.l..*..U..]m.z.K'4..)....;g.;sg...f...p..Y..:..+.<ca.l.gq..xB.ul."..4...5....s.6.1..@D,.m.!.w.@>.3...XH2[.(.S...f.)v.u..._.$...m...O.....XK..X.$............[.P./d.S......O....>.!.l........./.#...:..............h`..L..0...l.{A!.DU.V.....aEV/n.j74W*......S[/....C0...L.....](..z..e|t...5'<8\x...#Z.....>V.<s...f....?{......q....d.W. |J.../..U...-..0hB2.....BK'.G...b.x....%.D..P".q".I.u..v.)*9.&..}.Z...u.{.Q........zBH.)..O...2...c.....Ht....OD#!.-..e\o......D.(.........v.d...dl...$..k20...|q(...n.[.V..dd..._..ajOzw.p..<lIK.......n.+(.u...3G.i..+.f..Y...).SV"..."..9.5=...*.u..K..|.....aOU...:m...Y.w..htR.G?.....(F..4...D!......a#....%.(.:.6r_..L.-.f..%Q.].CN.......PF.'B..$...,.?G...<.M1.aG..B..%..MD..9.r.H.. $..u......-..F4...Y...%\..R.JK%@W.DH.eU.+QF....7@*49P.....LLAqC.Q......W..'.....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Star_Selection.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 52 x 52, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):3207
                  Entropy (8bit):7.920618405294905
                  Encrypted:false
                  SSDEEP:48:rc67WBIYg8he6Y/iRo6Ihm4tOXv5r87fAKZRa01TEI7wlCIMsHEqNLk2VDN:467+g8heVSqwXRrObZEISCIMgTNo2RN
                  MD5:0AD2A4EA5F997894CE2A20DAFFEEF7DE
                  SHA1:1F042DD65E98118CEB28495DDF8F481CAA81CAC5
                  SHA-256:963DB527087444FCB4B25276620DADA96214CDED7AEF390EC1FEFCFA1E0F82F9
                  SHA-512:F0EB0FF476DCC62BAE3B8EF2EA62BEFFCA6F493BBAA9503F164E8F17DE38A11438529A4CD5DF7A24B03CC09DA40F14A1AAC5A5AE8548AC97CC59F2EFB88437BA
                  Malicious:false
                  Preview:.PNG........IHDR...4...4......x......sRGB........AIDATh..Y.pT..>w...f.yA....FLB....P...~b...jk;.."....m.V..ik............+........y.wB.......7'.....?s........{..(....[5D...B...C.?}......w.<P.KvD../..eN.....9..Fe....H.e..K.5..2.....'.. ...f....<..1Wi..!1$..H2...c.....}p..`..........(.1.........@..~j.. I.;.. ^}p.j.k.l... T.M.... ...FG.........'W.}.[.....isOK.....4....Dcp.c"^..8a .VCu....N.yUQ..EQ...E....O|[M... 3(.GO..G.+.\.e.J.YCi.n[8K<.*O.......>[.&oS..>j.+ ..$.....)2aJ...dq.+.M.2..`PMV....8.fP.....Fz@.*.*......6.....lWN.(.."...&.].H>........|....P..zd.%.......2o.@.....l.M...V.M..h...lw%..WH...>.....}me.C.A6..s@....> .cN.Z.h...Fu..../..&.a..`.fL...3h....V.._.sC...D...b....q0...4.M.I....<..fNW.....d.Kg'k.......l.9P..s>....2 ..a0Pd...6..%.c...0n.wM..+..>hy^..."cW..fM..8F .r........2.(....F....4i...&...M..Hf.)+%^$.D...<1i..y4.qF.y...T....q ;9Ds.6....$ej..7U..-.M...y3...3.O..H....y0(,.......\...y...;.....jw:.\qKI..v.8h. .#z..I.t....S.9..

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Star_Selection_24x24.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):1003
                  Entropy (8bit):7.733050737203999
                  Encrypted:false
                  SSDEEP:24:TYvpBw1Q2k87S0HOOiydxUQSyOSfnF1psDL3TKYVe4:Tqw9oOiKUIOSfDpsDL3TKYs4
                  MD5:0E244CD63CB313CE28F53332452C5B26
                  SHA1:098F601820769C27DFED291F337474ECEC5E1D20
                  SHA-256:0C05AB53FD2EF1BB72527236E4E8B5C8B97372881AE0821C378F2BE9D48A395F
                  SHA-512:F6210081397E5A3B09C200DA08DA1EB442A00D4858CC5156B49282C2E08B52EB6D806DB3E5DA675BB6C79354E7DB04BAECC5DBDFFFADA8C9AA350FF6B111A4A0
                  Malicious:false
                  Preview:.PNG........IHDR..............w=.....sRGB.........gAMA......a.....pHYs..........o.d....IDATHK.U{L.a.>....M.d.L)Q.s.s......r..LkNEVi-.UtZe.*..i.......$...i.p-V..:^...;.S...i_..>..]..wd....a.LG3..b<l.L.... ...a)2.i.l..<.f.....q"6d`.vJ...?...z...2.w1.a'...8.9s.g`\B..._..<7.....4.....2p,.Nfa........wjl.E.Q'.x.c..rL.&=...0............3l...l;r.L.ZL...!&rL....^((.A..L\.,.+.9.9..Z..\r..V...<xI.7..9..Zx(..4xK....L.{..W.GJ.)7.!.7U!I.T.I........9..\I.Zxxl..dO[&v!......yK........?`....7.....8*....j...IE...YX..o.7..s.%..2.....N.".C.V.n.......j./:..ks.j..9<...Y:i.fj..Ob.nQ[.Q..Fk[;..F.}o.B.i..^..me)..'..R..b..g.oa...ZieL.-../c....,.Zv.9.......'..D.~.\<:t....m.0{...i..U..2....[...Z...pA.....5u........N.?..E;.E..*.f....W=C....+.w....:|..i".k4...).ed.9..&...........Z.nktkwe^..>..A...'.t..R. W......p....~J9.....C{Z..>...2.?|E..<%.'.u.vw...^&h........TR..X..-....6..>..O.62.J.P.;py..[*.N....*..%.Yq.c...c.H.1Z.7...C.r.1......`&W&....r...l.....IEND.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Star_White.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):783
                  Entropy (8bit):7.560927380880592
                  Encrypted:false
                  SSDEEP:24:pRkOA8ckxjgND1h+XtvKJM82yjBcFp073dnEThI:pK8ckBgle1KJM82UBv
                  MD5:A52A2E089F3CABE025C7FF933B30FC88
                  SHA1:04BBC62DC5950465440C0CD2DC075736A8F4A523
                  SHA-256:B14866F3037E3E293B46D75682EA62DACB0635281A0E512598BED0A3C767E9C0
                  SHA-512:17E8785A95E76939B65A09A18C907961862A3D3EB28E4F4E4115BA60501910BAF48FE80E8D1C566268585575BA6CCC3781F644A1566A385987404A0D9C8C15DE
                  Malicious:false
                  Preview:.PNG........IHDR..............w=.....IDATH....K.u....s}..3..M.^.. ..$(...-"[.2H...]...q.BP..6..Bb.%.\($..-........z.....{...r.......s.....9..?[v.......s.J-.....U..jnK...=..J$".\o.2\.K..../.2...Z.f.N|<>>.>00..............Z-P.3...[H.hK.~._E.....622.....8%..+e)..<.n)J..]ZZ.T*.Z....b.u4w3...o3\......~<..wvv......s.}.Z533.^..SKD....._.;.........b..?..j.ZLOO...^.".....mLa.}}.e.......x..%.....Az...s.4;;{!...\.g|...t...$.,u.,.......3.WWW..../..r..""....;8._M.(..egYWW.T._...q;".g&..\..88888:...nloo.=7...o.RCK...*.kppp..lee%......h4...111....]K.mx................g.Gcgg'677..x.......y......0)..+xY>3_cgyy9*.J..J..GP.ghhh(.#>.K.I<...C.*>....h.C.U..{.-.}._.?0......"...T..x.o..{.q..$'........7...._../.[]K...w."(..R.......,r....|.z...........yv,....p.&..{b.....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Zoom.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):590
                  Entropy (8bit):7.528513257276064
                  Encrypted:false
                  SSDEEP:12:6v/793pGJ75NrF27N5QcOZYtJ2j++QJ63U9Iy08/b+LpE8l1:4QrF27X5Oqt8KN03FIb+L28l1
                  MD5:172A1F8F089F7DB292FA8AF1F6591034
                  SHA1:C3E7A375E15B74213D7508F1463C62788331F81B
                  SHA-256:1C97B9DAA1D670D864AF8B7E0C91535EEA4AB65EC659BA45E210DCF3181F00B4
                  SHA-512:80BAA20A0F0C5316DB43F64D7DEB517269831F31196BFE3AF2916E09B801C376D386BD4C0A838D5674AD75BC71FF8270A45E4E2D80B301F6EEF3BECF2B6EF215
                  Malicious:false
                  Preview:.PNG........IHDR..............JL.....sRGB.........IDATH../dQ....!*.....n$TJ...NT.)W..o..Q.D#(%.......n.....f....;.'s\..7K.$...y.{.$.g.......5(..`...._.C.6x.......}!.7...E.'E....(D...yB^._A..u.....cf..&.].D.........t...[.:..,.[...l..N....2.t.,@...1..[#.h..v..#..QG..i&1e...>..8P.........^..B....y-.ZT...\Y...~..N...+\.g .WUUr.x..../Xk_GX..k&....#.~7v.Mv.......R<.f.o9.>....R..g..e.....=.;AL.}...y....eA..6...9..,.X?.Bo..;......]...k.&A.4....U.w.."k.6...z..P....vY.Z.:....t..v.Y..+......%.>..._9ezV..4.=....#w...^.........:[l O]!..."..W]..8i....I......u..OC....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_Zoom_24x24.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):718
                  Entropy (8bit):7.5183852032991725
                  Encrypted:false
                  SSDEEP:12:6v/76/RycyQb8Mi/CVXyTk/XsxxqX0U7fGfrZOKIgR7YhiXit4nzbv9VXXXDzS2:/yAi/CVipq0USrZOKLRUhidrP
                  MD5:BA1DB3E66EEBAF20A4C884D2E281F4B0
                  SHA1:E2BB231F26B98948B8D1271CEA2BD43954FA1C91
                  SHA-256:9D4D4DBD913C2F698929DD7FCCD3E257999B5C9C7849B0989BF2F81CCC385FBE
                  SHA-512:6383E4BE4D9F847C25CDC13BE6BDF2A77CAF1542F03E1AA9DCB5173139A4D77F3F0CEFD01448AEAEC1ED4BB2576280C5D796097B677D29461281E12114DCD902
                  Malicious:false
                  Preview:.PNG........IHDR..............w=.....sRGB.........gAMA......a.....pHYs..........o.d...cIDATHK..;.VW...Q..A....Q.A0U...J.;....A.. b."..AD.B.I....D<.*....@.&(!..Wt..|.Q..........g=.....(....2V...0.......?..3...5...x...Wq8...W<..F.}......F..'.P.a..S.S....$.]..cI.*..\..z.b]|..i|.Gb8......r.<..R|g(H.cG...r ....9.....:..8..w.A+.x....%..b1..2.`.g.~{).....K?....#9.Eiq.<g.......%...Mq-4v,V.2D....~.x...+.....6....&..........l....}A..q;<.cZ....B9..t........K.{.VF^r,TH....s..........b..[.....D...t..K...cyL.Sx...f..\....-C...~.......?$G.EQZ\(......Bl.Y7...n1...^....l.........w..7...sQt7...):..R|.._~c...j..||..`..\.o..w.M.D..M....b6.-:W\ D..J.l..3N....#[..^.....\.....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AS_settings.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):807
                  Entropy (8bit):7.537828766970044
                  Encrypted:false
                  SSDEEP:24:ljb0VGIz7ap86GbFLBBs84G0mHClIBY+p:lympWLbsyPHClFA
                  MD5:A8B04F291F3839E700C1391F87E2CB3E
                  SHA1:28789448AD89E07CF7B253E194FF2C5E2DE2F0AE
                  SHA-256:FA761C48F8CE0DD01886D9929D2DD2BA4FFA5842CC56C458D99602DB91F98578
                  SHA-512:71044EAF0861DD45449EBB043FD574E20635FC3C06EEBA68E7CECF07AB20967232E5CB6AA4CCCEB3523612EF6377506962FEB36D6FE965CD65D4FEBDEABF1C3B
                  Malicious:false
                  Preview:.PNG........IHDR..............w=.....IDATH..O.@.........."..#...V............e....f...R bj..H.?Bl.....wh...@..|..{.>...N...b..0....cc..._vvv.}....l{rrrEU...c.K..........W.......///.k... @*...........<.x.PX...`.....>. ...g..y.qp....p...e-...........B..\...PU..(B...B..!x.G"..!.Q. .B~vG..`.. .&. ..9a.J.f.k.R)......h..B).~||....AhPJY....`Y.a.z..TQ....mQ..C.:.c..m.h.....S..yh..AQ..Q.. .......i..K.Tq].|tt.W.U...D"..8.,.... .L.....L....P...N.A..F.......V.........".|........ .L....T4.....t:.x<.T*.|>.>..I.b.wD....F...<.B.....p].....9BHC...l....[.n..E.8.yxx...jk'''...G.Tz'....Or#........i.{{{k.:..#..bbb....8;;.c..L...d.z..N.........s...bt..@.EH..0..y.|.G............1<..y..iz..,WJ.R...<.UU79.[W.e...........l.A...e....'.m......h6.PU.....4M[......^...~...C..r.....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\AccessControl.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):14829
                  Entropy (8bit):1.6777239082189486
                  Encrypted:false
                  SSDEEP:48:cM+k29W8sEvPxN+Y9iLBC4HI7cdp6y7q96kyWN2c:QkEWRqxNXqCcX9Q6kyWd
                  MD5:22BF2656A60F22C0AEF70386D5DC7283
                  SHA1:268BBEAE91F4BB5F28047ED6CB93C35478F3164F
                  SHA-256:D9E6D9303F611A63F66F7492CEAE417FC3E77274197FA042B8931CF0B46C75E6
                  SHA-512:6AD0EE050037C1F01AA36791674C180DE28016B9648F73143E8106F8295407E288AFD091190BBE72132BE0F6FDC92CFD5C1D1F55F41786FBD7F1DD3F2655F349
                  Malicious:false
                  Preview:.PNG........IHDR.............V.W....pHYs..........+....8$iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2017 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2017-07-31T13:54:51-07:00</xmp:CreateDate>. <xmp:ModifyDate>2017-09-11T10:33:31-07:00</xmp:ModifyDate>. <xmp:M

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\Bookmark.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):220
                  Entropy (8bit):6.696738679877053
                  Encrypted:false
                  SSDEEP:3:yionv//thPlm0FJf/GAgL4gHZGa2Qo7Jk+CNpLFM8F6MXy9kEbseqrZO2pR7uNDw:6v/lhP40yAghoiuJcebZbsfvqL5SJWSp
                  MD5:770BF535A80E63200032743E5F869C96
                  SHA1:CE80AB404621079137778820E401320C94A7EDA0
                  SHA-256:D7E8434BE58A442153F0FAC9D5CA9AAE9A0A6C1A3D3A9EEBB061829282F31EF9
                  SHA-512:461BA27D4A978685D15547F1F03AD241AAB5D2152A68DB46C3180A3C4BE0C5732DFB7612AD6AF9B84AF3C2BCAA3135057D15DEFF1E9F8A8B10B1BE6EF8C24A8B
                  Malicious:false
                  Preview:.PNG........IHDR..............*.....IDATH...1..@..._...........Zxk#...`.B.2.G.&E.kpu..;..A[.S..1w .t....v=.......m......w......0.t.f.>&>.t....p...%.AY0....F......@.....nz,...5._JZ5......n..g^.+..>.....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\Camera.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):476
                  Entropy (8bit):7.464085429433991
                  Encrypted:false
                  SSDEEP:12:6v/78/aixYrfRJ2nm8nA1V6kK/5ejB+JxNR9:5txEGm8nA1s1/gF+JxD9
                  MD5:9132D0C718590C72ED0FB8343CC0E1B2
                  SHA1:D2CEB2CA7FCD1D50CE0D76E42CF991A6E8F4966F
                  SHA-256:7B09ACDB1D499AEA38B11CE3E55390D7903A796E81B6565A3501E294682E64BC
                  SHA-512:F9A48807C5A6C46ED64B49FC9F6C4A3C631BE9F01757F3CAF77E53C42A59C2D1E7FBF18540820C61413F5398997DC0DDE7D1DF8E6A9E02487DECFCE3AC9ABE35
                  Malicious:false
                  Preview:.PNG........IHDR.............;.J....sRGB.........IDAT(..R.K.q...-...Mhp...Z....H..1..)...."\.M.(.......-..@....9..<.{|...=x.....y>.}Y`.R.T..L3..J.^...Q.0.'4.%.%..>J....$..f...-..p8.](.zR......%...J.k.i..~...I'..G.....k..b.#.O..1...aC...O.B..I".1.x..z........r..j.X,.m.....$!..PE.....v......X..?,...#.3.L\..4..;]. V..0%Fp.}M.....V....E. 8..M..p.&j..s..... .m.y..".n.......f0..@}...j...2l..;.A.:.w...'.?].mb.#p.....$...O..].(.V5|.....|J.......b.....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\Check.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):386
                  Entropy (8bit):6.907952953595823
                  Encrypted:false
                  SSDEEP:6:6v/lhPUzuC19s/6Trvy5RQ1lql0DNyytrx1Zf23DEZar2W+72DhdIoXubbQEv/jp:6v/78C2s/6TGobxWgZar2x72UpbQEv/N
                  MD5:C506FC2B7732416215CBD68B33DFFD34
                  SHA1:2BECFD725151A420760F0083F45DB97640D1D2E6
                  SHA-256:FE086F8278C95ACE40BAB1194F4E2233B173111D785007B0F60BE6E8DB1A1F20
                  SHA-512:0E4F2BE0FD21AA27C499F64038B1E48FE295CAFA013D454B5009E4A0D9BA550B1B80AB977115912460BC8503BA8B37F40EDCB41BB464D1AD5896577DED78BBFA
                  Malicious:false
                  Preview:.PNG........IHDR................a....gAMA......a.....bKGD..............pHYs.................tIME.......v.......IDAT8...N.1.....!.....`.....&.K......E....m2K...O.d.4fn'.Pg.a./....B.].wi.-..........NTl....p..z...`.......<..K`......\.w...P..u..0.....xL.c...d>..0.6.*...5...n..t....BA.....&.Y..w..{..~..=...!v..`.._.p.@.V.9.h.W..c..bK..|FM.T,...>..........7.~K8.O......IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\Close.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):3287
                  Entropy (8bit):7.876440468879574
                  Encrypted:false
                  SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODCM06aKL5E:bSDZ/I09Da01l+gmkyTt6Hk8nTCkwH
                  MD5:23D0BE57641947A6DFAF03E05FFC44CB
                  SHA1:264570CB76B14F2F9A3189B24BEE48CFCEC979A0
                  SHA-256:FB2A5D46A3666582303CDF6B5772795EEAA5AE8610CB492BD294B02840FFA5A2
                  SHA-512:FE503C2C4F5C7F51695186700BDE8DBAC0EF9AA14AF788F40C164D0E1CE03EBFD53761B7E3F20D2490CA37435CD0F746088D9544F3CAD19D26AA3BC9F5C9B5C2
                  Malicious:false
                  Preview:.PNG........IHDR................a....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\Cluster.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):593
                  Entropy (8bit):7.494782717794654
                  Encrypted:false
                  SSDEEP:12:6v/7Yk64nSPKi41m5gjIBKTnc6pGCYJMSTTrMttwLrPxLRpFYFPJQSwzRe99r:pl4KSrTc2oaSPrqtoxFpK9iXRM9r
                  MD5:3E9D225FF5A5EAB49649E09302A939ED
                  SHA1:D233A828A090CCF9ACC6A517071FCE5772008A59
                  SHA-256:5D59A7DAC7B750FB2875D962FD7A287E2775C4D3FFCAF98E8686D996CC5E2A1E
                  SHA-512:EAEEB5923FAB419CAE84B8E3BAF2A7A63B1A3C8AF328AAA6FF0E212C3E88663BD2062FD783D1FBCF0C68021B74857D2C001D89279A74D462EA4212F6AABC80E9
                  Malicious:false
                  Preview:.PNG........IHDR................a....IDAT8...J#a....w.`1F..A.FRH..XD.,4.^..."....H..[...KBB .F.I...d.!.d......u...[.....s..."....Z....1...x<...U..u.Z.q...o.....'''\]]Q(.(...A...9.\.........L&.(RJ.//...2...y..h..d..........T...#F...a....d2...v||L>.GUUnooI.....rwwG$.a6.1...N..A.8B.^....!..b...w....}..)...lll..>kkk..c...i..fQU....L.....l6..i8.C...,....;h......R..`0 .C..!a....I,...}...i4._....1M.n....).V..xL*.....y..m3.L.}......F..RJj......!.J.!...c..A.`....._.,..,....i.p..?? ].F.X.5O.P...B......dRI&.....w:.\.E.9...Ryzz......f3......U.......M....booo......N.Dz.b@....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\DoorSwipes.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):541
                  Entropy (8bit):7.472167728738479
                  Encrypted:false
                  SSDEEP:12:6v/7pY2BOH4uAhtTxgCNl5C0nYng4aVxwD7aaiGI8a:92BOYp1Hlc0nYng4eu5In
                  MD5:C08B8327129C2D2ED6D2650849ADEB9E
                  SHA1:72D79B279B9C705BA15DE8C501FDCA0F6B0C12B8
                  SHA-256:8E78578CCA8CB74479C31755624BC864BFE59595D5FFCA6133BD856D823FF0E7
                  SHA-512:95F2373084A0933C768B549B3BC158A9BB21C1DBBDF840DC7BF2480989FB9039B07160F86629DFDAAFBBE8984642184F4410D10D94A03F7FDBC7AEC566962D19
                  Malicious:false
                  Preview:.PNG........IHDR..............l;....sRGB.........IDAT8..R.K.a..w...i8......[C...z(8HA.4:.9..G....M..........*]j..}..iG.[.<.{.............H$.......W.8n.q-.a.cw....X.i.#O.5.<.< ......u.[.<._V..Z......h.l.X.@ ..x..[...n....,..q...2...y..b..Fu..xT..U.].....p.(.....|>h6..j.t..q:Ng...X..4....z...l....(...q..H.$..#......;.N.......P(.hJz.1.....2}.tz./q...&....E......o..i..pX.... ...nwBX....D".X.c....*..m....h4L.'.}.$Id...I.fO.0f......g.......hZ.x<WvB..%...7.,W.N..b+...F.Q.N......8.iOW....I.9......!/.\K.M...z..D.......IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\Error.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):489
                  Entropy (8bit):7.460922777671011
                  Encrypted:false
                  SSDEEP:6:6v/lhPkR9iy5rhUo0nhr1rTb7KhsXf1Ic35HaTAYCNRQMELOgASPtzV6xGY5O0Jl:6v/789iy5q1b7xXfBh7iLOgAUXO+Kz
                  MD5:D47D121520162660231C11EEDF407246
                  SHA1:B20DA032FF91A10DBF250686F57DB65FFAB0FFAE
                  SHA-256:0CEBB25DD70F55A947254AD04400B2891E337834C3EC16503E12CB0923050C46
                  SHA-512:74E269636395A454548DE95D5EDE20F68D230E317FEA9F9304824461FDA7B88F16E2B6B36180B74E7075C1E4C46BD2CBF5CBD593453FF655CA58F96DEE6C4608
                  Malicious:false
                  Preview:.PNG........IHDR................a....sRGB.........IDAT8..=K.A..g.......q.>.(....... .....,....B.N..,..)..M......b..h"..cv..c.\L...;.3.......q...:....w.b`(b.~.......A...%....$7.RpXS.<..."S...J.;...H..;...5.m..R\j...m?6...N........(...!..^@.........=.2..;.R.3@.pP[|r.....M...-L;...E}.1jc..._..d...a..u.6H2...Qg .R.v.N.8........!.......5...KP..Wu.+.?a1!...2.Y.C.vDO.%...O..`........[\....T^S.s&.z..pR..EK..N.9.MH.-J..x.[....C..B.>+.....{..].0K.3..rS[_]c.w..~..c?V`x.}.Z9....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\Expand_icon.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):1451
                  Entropy (8bit):7.041077557179798
                  Encrypted:false
                  SSDEEP:24:oj6y1he91Wwjx82lY2T3ouVbaEyJ3Vt1CYGQB69SbT2PYJu0t59oa0XEaxySuVf:bwqQNn2xh6J3Bhvbqvu10C
                  MD5:9045520B53511E17D21A4498B29C0DD5
                  SHA1:AF15A3604C22E42122402052A4A737F323C4235E
                  SHA-256:9338A198A543CDE451550A080657C90BE1C0F55985FDBB8A95609372B418016A
                  SHA-512:F3776DDC0B6ED6C4282774F92B6F310F981E204BE334B552C2E44FE9654CBFE07465D7C43B6C3592DC63BFBB62D257E341E66E1CBDD195C566D45B7EBDB23C68
                  Malicious:false
                  Preview:.PNG........IHDR.............rP6.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:F6A827BCB53311E38A73BEA935D8AA77" xmpMM:DocumentID="xmp.did:F6A827BDB53311E38A73BEA935D8AA77"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F6A827BAB53311E38A73BEA935D8AA77" stRef:documentID="xmp.did:F6A827BBB53311E38A73BEA935D8AA77"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..`....IDATx.T..9Q..sL|1\..I..B.t........A...J(\.$........k....%.=.u.^k....{...v#]...fC..I..E!..K.p.b...v._.T{b....

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\Export.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):681
                  Entropy (8bit):7.639243794591832
                  Encrypted:false
                  SSDEEP:12:6v/7Q0VVxjfmchhM1Wasvmi3HOhDIaCKbN5ZjVZYsAwSyLCR+p7SGukQz5TfxL6u:yxDmX1WTmosImjoVRESGukOFu54N
                  MD5:CA0024BB39154C802E52D66F9E5E4BA9
                  SHA1:133D261666142E778E4449C718B18AED4D9534F2
                  SHA-256:D60218862363307DFD94D0C6B623265564EB4CA722253EE71B50E657037C4FF3
                  SHA-512:2385548EF2217EB98BA3CF60F07DBEB0010F11EEC55487AA71869087063CB9EA6A2C09ED6079C50BCB533852AC5FA6ADD21232F242C01803C56024ACAB3B8AAF
                  Malicious:false
                  Preview:.PNG........IHDR..............*....pIDATH....VU....;.6L...hQ..F."H2.+3....o$... ......i....0oT..).F......?@d#..V.....T.{.a..w4.....u.s.^_.#....!..5x.K0.C...,..$~.H......4T:...o.!.#x[o<..y..a|.B..1.ls.+.S.......ex.(..}H..~%.v......{....E....nY.Y..'p....-...A......q..e\.x..l..J|.Wp.?.....Y..%....>g.....,.;85..oX+..{..^..!.VU50U.b.T.f.....3l..L+.nI..UUU...o#..T........r.wc.5.c..l#o.l.......W....n....m&..J.n.0>j.}..T..;K.|...j.;..x*?........G.t.l_...s......c..d.P.....X.~..t...>..v...e...^...;.C...y....TYwGZ#h_.}X..x.s..!.(.....1..u}....v|..rT%>.[..u..&E.`....L^......`c]..Ke.9t...e.../H.:.Ai......3..b{]...s...D..).R.B..7..c.....F..^..]....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\FastBack.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):3111
                  Entropy (8bit):7.890945326771674
                  Encrypted:false
                  SSDEEP:96:iZ/I09Da01l+gmkyTt6Hk8nTDSWt6jjLl:iS0tKg9E05TDSWt+V
                  MD5:708162DDEB92D81C197902E80DADBEB1
                  SHA1:317F72A763D95D5E7F91A41BA25EBDCCE90A3637
                  SHA-256:3ECA65447D1D2AED2F8030EB50DF026EFA740531439D17A0C2C81D2D8DC01A47
                  SHA-512:491A14CBE72DEAF012035283F0F3597E5F35D4A831CFB89FA7A94DB9D1C44805D498624537980D635A41C027AE1C70F02B9490E586F2161A4A5AFE099B45712E
                  Malicious:false
                  Preview:.PNG........IHDR.............Vu\....OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., +.....3...!.[..b@q

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\FastForward.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):3125
                  Entropy (8bit):7.889747685236727
                  Encrypted:false
                  SSDEEP:96:iZ/I09Da01l+gmkyTt6Hk8nTDSIDTxu12:iS0tKg9E05TDSID02
                  MD5:D2C63E5F4181965D51A4F6A2642A6197
                  SHA1:0E8C41D69260F4D56439743734378FF658213C65
                  SHA-256:08F6D7396B640CEC25A5C4AFB9057F05AF2F62D5F80231529F86E73E1E8EC969
                  SHA-512:0E04B7E2E9748B0754C0843EC6EEA804779D52B996DE2E04A8EB69245C98975405F3FE6E9E5F363D08725C6770E7EB1F9B6C5C5C61B5CA2D2E8264EC1A3EAF26
                  Malicious:false
                  Preview:.PNG........IHDR.............Vu\....OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., +.....3...!.[..b@q

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\Go.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):525
                  Entropy (8bit):7.354349495904147
                  Encrypted:false
                  SSDEEP:12:6v/7iRs/6TVCftQbQwIvrEzqJWJ0yJxzs68u4mDartZxOd/:Rs/6xhQ9TWaFy78uFEZ4/
                  MD5:A6E18DA8241B4E9372A492FE24E643DB
                  SHA1:62D6B060E3858B80FBEAA59697589CAFA648673C
                  SHA-256:A22DCC2CEF8F449EC865E27993DAC101214AEE96137E3EA718EEB5B4521968EE
                  SHA-512:A27AEC29CE4A774D02462A6159C9128D63D0A392E195C7F98ABFA8F14657B984D68807E4807686519D6E3C9A666712159151429B1436CF9ABE15A9F50BDA0276
                  Malicious:false
                  Preview:.PNG........IHDR.............r..|....bKGD..............pHYs.................tIME.....4.<.......IDATx..MKTa....=....F....*r)...@.....1$.E... .,L....,h3.BBB*."..p..r........x. C.N.f..f......?.7.O...;......Q.:..x..7..$5......J.|:......8.A..3.>...U...>.v.7.....7.I....B.....a..;......@..E.I.'.+;lk.-.b.o..W.;1.Z..h....l..$l.=.F....H\............."..IR..Bt.SLP.9.;4.0l..b.%>... .d....?... :V}..s.$U.l....Q..5J...o{....$...T.*.[.s..o{E....j-.!...<K......>.v...."...Yv.../.;u.........z..',....]......IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\add_icon.gif

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:GIF image data, version 89a, 15 x 15
                  Category:dropped
                  Size (bytes):1613
                  Entropy (8bit):7.107307651233087
                  Encrypted:false
                  SSDEEP:24:bY8lYF/nktrkvF0+0al1htZdWwjx82lY2T3pHEVZzFj4fFjayJ3VTgFjBxFjfGYc:YF/nIgv7qNn2SfRyFJ3oRLL8Z9
                  MD5:2161C742D82DB9C34D7F437FA81477CD
                  SHA1:56D148295F4C8CA77CBD630B1BECD9A6EAC7F3C4
                  SHA-256:CE860A013EB45FFF2F03EAF4BAD843E824D3FAE815A28A3A1CD459ED6BA74541
                  SHA-512:92D525BB82BE224A8D56CC7FDA563B55532A8B41A1436BFE058FD6F902E494C404E1CCD4E2CED831B66ADDB586BD5A7654E3E18267766BAE6A4B71D87DB5D529
                  Malicious:false
                  Preview:GIF89a.....k......i.b....../O'].VF|?..nN.1c.I}.ig.P..9d2;g3j.QX.=n.h=k5h.aa.H..b.Zz.es.mV.;|.gp.i..n.X..Em=1R)<h4O.HFz>p.k...._.E....D.%^.Wc.]..pO.2d.]As9m.V..q.[f.M...p.Y..wW.P.M&].U@p8o.i7\0u._.....I.,..}\.BJ.C?k7>^7..u..s.mv.a..va.ZS.K..8`0[.Tq.jX.QT.8j.S....].UY.?W.O.....m..s.^d.KBg:..^.X....{X.Q;Z4`.Y8a0^.W..................................................................!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:F4B19E8B964E11E2B5BBFA01EEFB52E3" xmpMM:DocumentID="xmp.did:F4B19E8C964E11E2B5BBFA01EEFB52E3"> <xmpMM:Deriv

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\cycle_views.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):564
                  Entropy (8bit):7.590485475122778
                  Encrypted:false
                  SSDEEP:12:6v/7tp3tPE8N77N5b5Je31iNX0ZL4vDN/mRKRE0QgKZiMgXLLuzZaLp5:SxDN77N5bPeMs4vRORYdQpZiZbazor
                  MD5:8E5998982753F9B0DDBE80BD8DCB5051
                  SHA1:E6DBE5B78F9831484CC303D41CFCB757ADA12EE5
                  SHA-256:DC4EA573FB78CCC0DC30939EB7F61ACA135497C76BEEB6121A35AE998B0803C5
                  SHA-512:5C73873C04623C102428CB4E83AED4F8A27ADEBD7CE4472BCEBD5BF8E670841AA528E7E9C4142B20B95403AB7979353F908905AE38B61463DE4A110090C90337
                  Malicious:false
                  Preview:.PNG........IHDR.............;mG.....sRGB.........IDAT8...kZQ....b..*...%$.`........!.v...=.S...o...u.......D..R(..B.I.-%^?.{m..k...x...<.y.9.f.*K.A....\.w.C.R.;.~.).uEQ.......ju3V.$..<...+.V.c,.......oh.....W..~...B...f.'.di.>............!.+..{S.R.@P .Q<.:..]..Y(...L&s..n.._P...../V.....z.r..9.s.....Fap..|.X.W.TU...jH.A....\...#_......EQ.Y._...m]..9...f......l.;....e.Yg.X.A.VH.%........^...x...f0.e.q.\....j.z...6...G....x2...|.7...O...m.d..v..;..*.#....'M>.3.L.O...".....U..)Q<.oX...|>.....0...|..;X.....8...R......_.....S.....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\edit_icon.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 20 x 15, 8-bit/color RGB, non-interlaced
                  Category:dropped
                  Size (bytes):3074
                  Entropy (8bit):7.878449332741883
                  Encrypted:false
                  SSDEEP:48:B/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODeouBj1:BSDZ/I09Da01l+gmkyTt6Hk8nTeoUj1
                  MD5:8788955F744759B1806FF27D69697E05
                  SHA1:9E167C319AA46CB586B81E57FBD1E7C96D169828
                  SHA-256:4C076E4AD1C0695619697605B8A9C0E652AE7EFD2C0D2A73CC42318B0A4C3CBE
                  SHA-512:290C0DE757EAC1E66DC7415EA5CF00C147FF9788664591847115EF50ECB378EE58769CE09D552C8A97B5C0D2EEBCBBB40F2EB2BA5EAC24C4D6832AA7B757CCDA
                  Malicious:false
                  Preview:.PNG........IHDR.............k.x.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\file_settings.gif

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:GIF image data, version 89a, 15 x 16
                  Category:dropped
                  Size (bytes):1668
                  Entropy (8bit):7.09778293948399
                  Encrypted:false
                  SSDEEP:24:8DSrCSfDqLJP7ptGvhal1htZdWwjx82lY2T3pHEVoia6tyJ3V9IEiGY8EZNnxiju:SECS7qLxWqqNn2SqJ3uL8EDxii
                  MD5:FD43DE4BC2413426F9730841D0D8D0F9
                  SHA1:C12757567AF7C63B88660DC1576FE762B8EAAB9D
                  SHA-256:9A85B27BBE57D4C9F67D204A9DD71B567E690DC96C07B642D340DE13FE02A114
                  SHA-512:9BCA255D01C4A5367F79CCE280B0E4A2FA681B7712639CB0461C1B7B290C3C607D268C7380155292BB13C90275D79243593BBEBACE1AA62D75530BEC81A500A1
                  Malicious:false
                  Preview:GIF89a.....f.-**...0..>;;.../,,...}{{...,))...........755...+((...'$$VSS400.........<99...:77B??...B@@[YY...FDDDBBnkk...2........onnLJJ......+''RQQnmm...*''......A??...hggLIIhff...744`__VTT*&&633.............?==...USS..............411...rqq............^\\...1--......"........WUU{zz......$!!($$...gee0--1...++2//300..............................................................................!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:5B5644EB8CDE11E2B069F3E3FE9A682C" xmpMM:DocumentID="xmp.did:5B5644EC8CDE11E2B069F3E3FE9A682C"> <xmpMM:Deriv

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\folder-site.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):496
                  Entropy (8bit):7.426625209473391
                  Encrypted:false
                  SSDEEP:12:6v/70zfMdddi/Pm5tA6MhzMcW7fSq61I+qJVFoe+n0QXA+1:9QHg/P6O/Mb7aq6+nJVFoee0q
                  MD5:3A264C5E5BEEDE55CF3A1D3A76D39095
                  SHA1:0ACD72E1001D7CB0537775AB09DABB547B064939
                  SHA-256:CA27C88E6648CE834B868466B0E3B6B5CE02F00523220543B2748901B207B646
                  SHA-512:78208A20A919A676DA00EF19FC3E100837FDC21E9593610FCBB47A0F9A9EB4AEF95D570A9EB701F54A1738CA9007A858073402331FDBB800EE2F5C8BCE79CFF1
                  Malicious:false
                  Preview:.PNG........IHDR................a....IDAT8....aQ......R.h..DM.@...o..G..R...x..P.J!!8b.H."..pn5r.sg2.......,..~&.a.h4.~...K.x.\.'I....!._..(.+.|-..~..<...fC*......x.F......_...,.(...xD.e..=.$!.2..c.Z..........tB...iX,....n..'p..$...v;..D".~..........<.Os`>.S(..^....`0@.u$I..jq>.....@(..\.3..Y,...i...~..H$B.ZE.4s`:.R.TPU....d2A...f...\.......%..2...n.$.I:..^..h4J.V...5Mc6..^.QU..l.n...x.t:9.N8..s@UU..&..L.M.....m....9.....J.^..n......R.d\.W\......u].X,.|Z.......T..s9....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\fullscreen.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):362
                  Entropy (8bit):7.257280681040607
                  Encrypted:false
                  SSDEEP:6:6v/lhP6IcHMR+dJCKf8RQ65JoLmKcJdHfvis6KXm+DnZ9cArKWUulTp:6v/7iIGMqxfuMvc/v16KXmSnZ9JGWUuL
                  MD5:A3716BBC028D2693B97F6095AF9AE8ED
                  SHA1:99A7A7FF38C0EDA7FBAFE9E390F78D13E6BB00A8
                  SHA-256:7BF7936C4AC91912A94E92B354FA21316B9B9B36F50FBCBCAD250E705EAEED04
                  SHA-512:B4F95A926E0FAF18610DB526DFD9BE9FFEF4FFB19099EB3E440FBC0891B83003DC98E24126D0B271CFE23D37ABFC10453C93D264E040F6D877AC266ABBB80200
                  Malicious:false
                  Preview:.PNG........IHDR..............H-.....sRGB........$IDAT(.m.AN.@.E...x....K .......w aI\..3h";N.......+..!.......j.EQ.,.rv.......{.3.,..y....!...... ....h...r.UUu.1r0.o<..q..K.i.........T......}.zQ.eW.v.&........jZL.n......$.K..@.-....a....!W......\.'5..?....<..d.!./.6...9W.k!;.l./...5q^.MHS>.D..zy.a...[9.L.LD.....mf..G~g.._.X.c...{....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\image-panel_POS.gif

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:GIF image data, version 89a, 18 x 16
                  Category:dropped
                  Size (bytes):1696
                  Entropy (8bit):6.968114841820626
                  Encrypted:false
                  SSDEEP:24:TBA3aUrQqWtal1hepWwjx82lY2T3eVeGyJ3VXxwYGY8WuM4L/xeSkz3:Tea3HGccNn2yGJ3zL8tU3
                  MD5:A61386D6B67E24F25969E8163AD8EA03
                  SHA1:933E779B0B8EDC8CED58FC04374A9CE8ECFB0E13
                  SHA-256:38EA4C0FEFF62B9D6817EFC974618A3AFB49DB9567E76BA8167A77896F48A04D
                  SHA-512:2743B3A57C250B384199B2E935D7ED6C8A548202AFDA40F40FECDE9E91041BC11DB28249766A7F5C0F0636A98B4DBBC7E9079225CA5F22021D5C95F3339303FE
                  Malicious:false
                  Preview:GIF89a.....P.ZZZ...aaaiii...jjj......eee^^^...ppp...ccc...QQQ.........VVVbbbGGGzzzWWWIIIyyy......xxx......................nnn...MMM.......lllEEEfff\\\...rrr......UUU........___NNNmmm.........sss~~~......SSS}}}.......]]]TTTRRR|||PPPqqquuu...YYY...................................................................................................................................................!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:D10E26D0C83F11E4A094E38E8A7F9391" xmpMM:DocumentID="xmp.did:D10E26D1C83F11E4A094E38E8A7F9391"> <xmpMM:D

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\image-panel_grant.png

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PNG image data, 21 x 19, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):315
                  Entropy (8bit):7.065565031560398
                  Encrypted:false
                  SSDEEP:6:6v/lhPuowdsfWGOA8EP6co43iBwIaoTBRbXN+2bbc9i/p:6v/7KdsOk8+o4uwFIBRU2vkq
                  MD5:F01DBE7FB4AAF0C891C1AF1592A416C2
                  SHA1:6406A0B759C348D271C17A714D50452FABF21E66
                  SHA-256:4376DF8D53435D2110F53DE21EC72373B7DB006F7C1281FD4343AE7F0F209D56
                  SHA-512:CA89E0951B274F568D325E7B292A037031171AFE0F7CB3FBCBBDCE70DED03B703815AD603B01CA196686EB20E7F1A52C01F82D85829B183F63FCF114107A274B
                  Malicious:false
                  Preview:.PNG........IHDR..............NF.....pHYs...........~.....IDAT8...Q.0.D_2.@.........*.\..p.+C.I....A..).......D.....5+.....d..x.^...O.w...h.:.T.J..?.t._.9.kQ.0/pll.]{Z.O[......kz.i.c..2.......:.GI...M.....ak{...%.l...0....'...@.a."x.e:+.t.t.[.)i..9..}M..#wS....%-K.F._R(M......qrSI...X'...:]='...>....IEND.B`.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\image-panel_speaker.gif

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:GIF image data, version 89a, 20 x 20
                  Category:dropped
                  Size (bytes):1733
                  Entropy (8bit):7.2767354657327905
                  Encrypted:false
                  SSDEEP:24:KR61gNAGJal1htZdWwjx82lY2T3pHEVd6+yJ3VwQPhGY81HbaNRNke9AYuW3N:H16HKqNn2SPcJ32QJL817a/NyYuW9
                  MD5:3A9122F0FC217664319E107A0728438D
                  SHA1:5930D261E98B2909C698ECCFE6590B1401D7D905
                  SHA-256:1D8430505B65E4A1317A59CC809E8A48A3AACDA20A50746D817C9C31AA57D612
                  SHA-512:378F371BDCC08C4AB7AD2FB127796181074B866C5C8F72323E30B985C90704E13410DEDD70329EE50BE7F87F2087AFAF4B018B81FAEA2B75B1CE6209BDCFC4D5
                  Malicious:false
                  Preview:GIF89a..........yyy...xxx...qqq...}}}...mmm.........................ttt........................................................vvv...rrr...kkkfff...................sss...ZZZ....................ccc{{{ggg...uuu......zzz...www...jjjppp...lll......```.........^^^.....................~~~eee...YYY...............aaa..................|||...................................................!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:F783BF63924911E2A6F990F48499520D" xmpMM:DocumentID="xmp.did:F783BF64924911E2A6F990F48499520D"> <xmpMM:Deriv

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\jump_back.gif

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:GIF image data, version 89a, 14 x 14
                  Category:dropped
                  Size (bytes):1174
                  Entropy (8bit):6.8064173728262505
                  Encrypted:false
                  SSDEEP:24:9tal1htZdWwjx82lY2T3pHEVoTm6uyJ3VLPp7GY8o:EqNn2SGTbJ3jL8o
                  MD5:8DB8DFC2B6846B4D5D2E207036289444
                  SHA1:4BA4FFC452EE80A85350B440101185844A921E15
                  SHA-256:D03DEB243792EF1E0E362C739AB768D7A66F7892BE2A5A39A8F88028EB91A066
                  SHA-512:D51A16C5F49FA16235FC3A732CAFD75C9DFE259189A19819A8625BE57B3727E7662BA2BF37B6141E7AABA16594F79F3A418A5B7E900667D2907F13D46EAC08C5
                  Malicious:false
                  Preview:GIF89a............................ggg...xxx...bbb.........!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:E8080BD3926C11E2ACBE85B2ABD6F4A1" xmpMM:DocumentID="xmp.did:E8080BD4926C11E2ACBE85B2ABD6F4A1"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E8080BD1926C11E2ACBE85B2ABD6F4A1" stRef:documentID="xmp.did:E8080BD2926C11E2ACBE85B2ABD6F4A1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..................................................................................................................................~}|{zyxwvutsrqp

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\0Graphics\ACC\jump_forward.gif

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:GIF image data, version 89a, 14 x 14
                  Category:modified
                  Size (bytes):1174
                  Entropy (8bit):6.826370039311138
                  Encrypted:false
                  SSDEEP:24:9tal1htZdWwjx82lY2T3pHEVQRag58yJ3VCt+bGY8H6e:EqNn2SIJ3rL8H6e
                  MD5:9BDAC9118F68CBBCE2AD7D2367D2EBF3
                  SHA1:63666388200F9F2E1876E08251AE8E260CBDC875
                  SHA-256:2455AF9061E82D644060F1B7615E9B89349FC1FFBFA57ECD861FB7EDC732CC5D
                  SHA-512:ECA28237222C6ABCEF21C699DD948F1A73CD62962B43F5E72BD65E1A826B4AD3E0E18FFAA8F20E4132166FB7892E4F3BA9BC75F5CD6DC6EEAFA4CD985E2EB599
                  Malicious:false
                  Preview:GIF89a............................ggg...xxx...bbb.........!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:FCAFE5DE926C11E28EC68A3A08E53BBC" xmpMM:DocumentID="xmp.did:FCAFE5DF926C11E28EC68A3A08E53BBC"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:FCAFE5DC926C11E28EC68A3A08E53BBC" stRef:documentID="xmp.did:FCAFE5DD926C11E28EC68A3A08E53BBC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..................................................................................................................................~}|{zyxwvutsrqp

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\Content\Search.htm

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:HTML document, ASCII text, with very long lines
                  Category:dropped
                  Size (bytes):9349
                  Entropy (8bit):4.178951543004364
                  Encrypted:false
                  SSDEEP:96:0pP4g+zfbSoMoVmS9uLrVsQTQlRVqNMr3V2avhL:0V4g+RVDyPklRVxZ2qL
                  MD5:9BA4BC1912C9BCCA69F1B8BDC3B1422F
                  SHA1:AA0DBB7B94EB6B8C51218132DED9005EF0C0EE46
                  SHA-256:CB453D3155ECA22FA81A5F5843F859D8A0625A9F596C150C087D3EE2F615A57E
                  SHA-512:6E4DE11A5C93F797A1A6E3E4685F6E09B8BEAAD1826A29A3290599A6F2D0036695AED3EE60D1B8ED1E49D15CF18AEF9B52F44D7CE6FDECEF64C33A26B8F6E129
                  Malicious:false
                  Preview:<!DOCTYPE html>.<html xmlns:MadCap="http://www.madcapsoftware.com/Schemas/MadCap.xsd" xml:lang="ar" dir="rtl" lang="ar" class="searchTopic templateTopic _Skins_HTML5___Top_Navigation" data-mc-search-type="Stem" data-mc-help-system-file-name="index.xml" data-mc-path-to-help-system="../" data-mc-has-content-body="True" data-mc-searchable="False" data-mc-target-type="WebHelp2" data-mc-runtime-file-type="Topic;Search;Default" data-mc-preload-images="false" data-mc-in-preview-mode="false" data-mc-toc-path="">. <head>. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <meta charset="utf-8" />. <meta http-equiv="X-UA-Compatible" content="IE=edge" />. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Search</title>. <link href="../Skins/Default/Stylesheets/Slideshow.css" rel="stylesheet" />. <link href="../Skins/Default/Stylesheets/TextEffects.css" rel="stylesheet" />. <link href="../Skins/Def

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\HTML_ACC_PLAYER.mclog

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):15316
                  Entropy (8bit):5.004389109996349
                  Encrypted:false
                  SSDEEP:192:0x4h5g5PL4zsr4stBvc384DT40qV+VyXNoYimfxR7T174vd0+8mHzJumBaUDEoDj:NsMskNDUPNDS4MHFJjBbxvh
                  MD5:064F05EBA62CAA7C5F264ED3260FFF83
                  SHA1:53AC9DDE2D3F8BD8505A079DF359536588DF4EBD
                  SHA-256:E6F096B45CB7C34932D56A5834E94EC6413A689D5FCA5CE7AC8836BD0BC219F1
                  SHA-512:5B68A00AE6D312ED6BB15B8856FD51B88FF1BD2DD4E833EF937C557B0D91F8F455274C3969474F881868B53A2A1B0941CD94AA1AC8CE3D327F7241BF32A518FB
                  Malicious:false
                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<MadCapLog Protocol="2" Description="MadCap Flare 2018 Generated HTML_ACC_PLAYER.fltar" Date="2018-05-17T14:34:30.6370021-07:00">.. <Messages>Compiling target HTML_ACC_PLAYER.....Removing previously generated content.....Loading skin info.....Gathering Glossary information.....Gathering Auto-index information.....Loading Master TOC.....Processing Master TOC.....Collecting source files.....Processing source files.....Processing CSS: Resources\TableStyles\Simple.css.....Stylesheet left/right rule(s) inverted for right-to-left output...Generating output files.....Processing topic: ACCPlayer\Video\video_player.htm.....Processing CSS: Resources\Stylesheets\styles.css.....Applying master page Master_TopNav.flmsp.....Generated ACCPlayer\Video\video_player.htm..Processing topic: Views\What_are_Views.htm.....Applying master page Master_TopNav.flmsp.....Generated Views\What_are_Views.htm..Processing topic: Views\making_a_view_full_screen.htm.....Capt

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\csh.js

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:ASCII text, with very long lines
                  Category:dropped
                  Size (bytes):401471
                  Entropy (8bit):5.390353776512112
                  Encrypted:false
                  SSDEEP:6144:opoTD/oqhJibiDTalgnNm8J3ZrDzaq0om+2Pb3aKrzVG0ao:N//HalGNm8JZrDzf0oho
                  MD5:9CF7303B9A95CFEEDD8CE86A25313B13
                  SHA1:C853A74A4F7481ECEE290384509F49069C3023DE
                  SHA-256:55CC78AE3C8B5DFC81F92DE338316ECEE172C02BBCBC90F46BF9CDA98B9A2F9C
                  SHA-512:CCFA78AAAC29AE41A6BA8B49B284DF448620315C5EB7CE0C4602F113C6F9932ABB358761C4B2B838838F671A410F49FE33C55D5B936420F68EF9ECE42C9522F8
                  Malicious:false
                  Preview:/// <reference path="../Scripts/jquery.js" />./// <reference path="../Scripts/MadCapUtilities.js" />./// <reference path="../Scripts/MadCapGlobal.js" />./// <reference path="../Scripts/MadCapDom.js" />./// <reference path="Scripts/MadCapHelpSystem.js" />../*!.* Copyright MadCap Software.* http://www.madcapsoftware.com/.*.* v14.0.6694.38542.*/../*. RequireJS 2.1.11 Copyright (c) 2010-2014, The Dojo Foundation All Rights Reserved.. Available via the MIT or new BSD license.. see: http://github.com/jrburke/requirejs for details.*/.var requirejs, require, define;.(function (ca) {. function G(b) { return "[object Function]" === M.call(b) } function H(b) { return "[object Array]" === M.call(b) } function v(b, c) { if (b) { var d; for (d = 0; d < b.length && (!b[d] || !c(b[d], d, b)) ; d += 1); } } function U(b, c) { if (b) { var d; for (d = b.length - 1; -1 < d && (!b[d] || !c(b[d], d, b)) ; d -= 1); } } function s(b, c) { return ga.call(b, c) } function j(b, c) { return s(b, c) && b[c] }

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\index.htm

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:HTML document, ASCII text
                  Category:dropped
                  Size (bytes):940
                  Entropy (8bit):4.7248102465756965
                  Encrypted:false
                  SSDEEP:12:hY1Tqjm3DJiwIIyveqJmWQ1IqJmWbIqJmWFIqJmWQIqJmWEv9IqJmWUQVO1EdYoO:hY9q6TJiwIIAW3n3J3c3Iv934dOy
                  MD5:68A3107F74A918FE34910CC817B8F0F4
                  SHA1:3F6DE5F30B8C1A13FCA9482734F4FC2F7903E7B4
                  SHA-256:B46BD4E4FC6606173DCD89DD46856610C1D6770DE90E165805E19038E7E4C7C1
                  SHA-512:8BB0E496B4407D8C2B750A5023A50FA4593476EDF59078DF02C37871170D07BF3CC834B3750120A769901D04322FC0EA4E310E49E05BB5B44BA06A8151B8600D
                  Malicious:false
                  Preview:<!DOCTYPE html>.<html data-mc-runtime-file-type="Default" class="_Skins_HTML5___Top_Navigation" dir="rtl">. <head>. <meta http-equiv="X-UA-Compatible" content="IE=edge" />. <meta charset="utf-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><title></title>. <script type="text/javascript" src="Resources/Scripts/custom.modernizr.js">. </script>. <script type="text/javascript" src="Resources/Scripts/jquery.min.js">. </script>. <script type="text/javascript" src="Resources/Scripts/plugins.min.js">. </script>. <script type="text/javascript" src="Resources/Scripts/require.min.js">. </script>. <script type="text/javascript" src="Resources/Scripts/require.config.js">. </script>. <script type="text/javascript" src="Resources/Scripts/MadCapAll.js">. </script>. </head>. <body>. </body>.</html>

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\index.js

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:ASCII text, with very long lines
                  Category:dropped
                  Size (bytes):404935
                  Entropy (8bit):5.3902246927574735
                  Encrypted:false
                  SSDEEP:6144:apoTC/oqhJibiDTalgnNw8J3ZrDzaq0om+2Pb3aKrzVG0xq:zW/HalGNw8JZrDzf0oGq
                  MD5:8668988CCFD4BFBF9E55057A694ABF7A
                  SHA1:205CA26C6CA66C54A870AE21258FF8927AC160B5
                  SHA-256:2A1B1DDE412382C88AC8BAFAB95C9BD2668DED01AEB0BA9E20E6239B9DDD6C2D
                  SHA-512:A0D867BE602EE14D7D19F825C0818025F4A3FB615D5132691FFFB03AC172B54C1FAE28A63E346028B8C1ECA622DAD8C37A1DC54855B7776F37E4BC11DC1DBB4A
                  Malicious:false
                  Preview:// {{MadCap}} //////////////////////////////////////////////////////////////////.// Copyright: MadCap Software, Inc - www.madcapsoftware.com ////////////////////.////////////////////////////////////////////////////////////////////////////////.// <version>14.0.6694.38542</version>.////////////////////////////////////////////////////////////////////////////////..// Syntax:.// function FMCOpenHelp( id, skinName, searchQuery, firstPick ).//.// id - Identifier that was created in Flare. This can be either the identifier name or value. The topic and skin.// that is associated with the id will be used. If no skin is associated with the id, skinName will be used..// Alternatively, id may contain a topic path. In this case, the specified topic will be loaded with the skin.// that is specified in skinName. Specify null to use the help system's default starting topic..// skinName - This is a string indicating the name of t

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\index.mcwebhelp

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                  Category:dropped
                  Size (bytes):1384
                  Entropy (8bit):5.269721748624834
                  Encrypted:false
                  SSDEEP:24:2d6Kd8494WP0W33a+jdsINOWs86iEC4AKTG99F0pAj8ugWPUB2pHVnd:cZdKWP0W3zswM86iAHT2VQWPUB2phd
                  MD5:CBB4D0AD630DFCE80C97E6FCD5CB663D
                  SHA1:21AE773DF6D4AC4B5699A4CCAC04F903BBA1CCD3
                  SHA-256:D69C6268BCF359EB898E1DCF9D139F2EE69D3DE882A6579F0759AD1188CE64CB
                  SHA-512:BEDF6E17AC38300B0A697D7CBE2FED0963F0004FAC455C6B4361D8E4A4A7A7ABE3F3510ECD1A05FF5AF3C19A03FC787CCFAF290002626D92F41F008AA2F992EE
                  Malicious:false
                  Preview:<?xml version="1.0" encoding="utf-8"?>..<WebHelpSystem DefaultUrl="Content/ACCPlayer/Introduction/what_is_the_ACCPlayer.htm" Toc="Data/Tocs/ACC_Player_HTML.js" Index="Data/Index.js" Concepts="Data/Concepts.js" SearchDatabase="Data/Search.js" Synonyms="Data/Synonyms.xml" SearchUrl="Content/Search.htm" PathToScriptsFolder="Resources/Scripts/" SkinName="HTML5 - Top Navigation" SkinID="HTML5___Top_Navigation" Multilingual="false" Skins="HTML5 - Top Navigation" BuildTime="17/05/2018 02:34:28 ." BuildVersion="14.0.6694.38542" TargetType="WebHelp2" SkinTemplateFolder="Skin/" InPreviewMode="false" TopNavTocPath="false" MoveOutputContentToRoot="false" ReplaceReservedCharacters="false" MakeFileLowerCase="false" UseCustomTopicFileExtension="false" PreventExternalUrls="false" EnableResponsiveOutput="true" IncludeGlossarySearchResults="true" ResultsPerPage="20" xml:lang="ar" LanguageName="Arabic" SearchEngine="MadCapSearch" DebugMode="false">.. <CatapultSkin Version="2" SkinType="WebHelp2" Comp

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\help\player\ar\index_CSH.htm

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:HTML document, ASCII text
                  Category:dropped
                  Size (bytes):2532
                  Entropy (8bit):4.144739022727213
                  Encrypted:false
                  SSDEEP:24:hY9q3uwIth4dqCPmKK68kdTMFPin+O6KnDuaKgwuM9KotO/8/MCHPsKUO/8v4KBk:iYsI8k1M5in5yxaboY/Kjrj/oIei4U
                  MD5:A88ADDDE1D59A3EA6E5EFE0793151E35
                  SHA1:9DFB1A1C7D24DEE5450776525B2E451F79C794E9
                  SHA-256:99A2CAACD08C3EE5DDA6FC593E7E76A0C380ED00602AA7E95BDDCB2BA5B9DE7E
                  SHA-512:23C2A5A30DA8E6C80E5F35A63E7A82FCD3E883C1D194FCF6032B7CBAA68D876788FB9C5F6241AB0F757038655AE119F19F2009976AAB4601F612265B0D391B77
                  Malicious:false
                  Preview:<!DOCTYPE html>.<html data-mc-runtime-file-type="CSH">. <head>. <meta http-equiv="X-UA-Compatible" content="IE=edge" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <meta charset="utf-8" /><title></title>. <script src="Resources/Scripts/jquery.min.js">. </script>. <script src="Resources/Scripts/MadCapAll.js">. </script>. <script>. //<![CDATA[. $(Init);.. function Init(). {. var cshid = null;. var skinName = null;. var searchQuery = null;. var firstPick = null;.. if (document.location.hash.length > 0). {. var hash = document.location.hash.substring(1);. var parts = hash.split("|");.. cshid = parts[0];.. if (parts.length == 2). skinName = parts[1];. }.. if (document.location.search.length > 0). {.

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\icudt44.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):3072
                  Entropy (8bit):2.1316523488479673
                  Encrypted:false
                  SSDEEP:24:etGSi2PBC86DnUVdN3VMNB+gt60K3ikLPNhJ:6iUx8UVdNF6Ugtlwikhh
                  MD5:41C9CA28322800458095311B574C187F
                  SHA1:FF4F0983A45889E0F6AC95B283EFBBD5F230574A
                  SHA-256:07CFBD514CC39CC48789CCBFB2CB31CABFFA651DC80B0A7206513F5464D15F8C
                  SHA-512:B9A9EDF4DB2648604AD3DEA4D43D551A24E6692BBCAFF0BFF3E6C660C215C849A2C8DD502434189D70B76A3B815D708021A03C0603A1D9EE4DAD100E73A9669D
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=.S.y.=.y.=.y.=....x.=....x.=.t..x.=....x.=.Richy.=.........PE..L.....Z...........!...............................J.........................0......!^..............................@...J............ ..X............................................................................................................rdata..............................@..@.rsrc...X.... ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\icudt44l_regexclient.dat

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):474176
                  Entropy (8bit):6.576926861218099
                  Encrypted:false
                  SSDEEP:6144:f9d2VBMnwjygv8bLU8BpRHsbDvOaT+PZNBtyVUCfLHJDTE6rYNnPT/TVZ7QMGvum:uVB9yA8bLJpev9E6rgtZ7QMSiI
                  MD5:8105624A03F5502F2FDD7E5B04321196
                  SHA1:4BC73D63D0AACF4ABF3AF9EF2652AAE3331079D1
                  SHA-256:592D961B2CA1772EEB949A8A254D570EF7D540E197190EBB6E240AAE6DC1AC8C
                  SHA-512:55C75BD42CB380ADE85EBFBC155A01DCCB3FF69A9ACF974362F497A8BF9385D465A9369B0F032E897E4C2B8A7B404F07EB424DEDFA0DF566C9957FE0BD102C08
                  Malicious:false
                  Preview: ..'........CmnD....................T...0...j...................0...............@.......@a....... ......0........<..icudt44l/cnvalias.icu.icudt44l/confusables.cfu.icudt44l/icustd.res.icudt44l/icuver.res.icudt44l/keyTypeData.res.icudt44l/nfc.nrm.icudt44l/nfkc.nrm.icudt44l/nfkc_cf.nrm.icudt44l/pnames.icu.icudt44l/unames.icu............. ..'........CvAl....................I.......G...G...H...;........"..."....L.n...C.`.|.......................&./.`.......@.}.....a.......N.x.........H.......?.}...........*.A.t.........H.\.........6.E.j...........!.G.].~.........4.M.h...............*.D.S.m.............(.B.X.n...................5.\.t...........8.R.h.{.............!.3.N.b.}.............0.J.d.~.........4.b...........A.c...........&.F.a.s...............1.G.].l.{.........&.\.........=.i.x.....................".1.@.O.c.r...................4.I.^.s................... .H.o.........<.K.|.............'.6.E.o.~.................0.?.N.].l.{.....................%.?.].{.................. . % 4 C R a p . .

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\icuin44.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):198656
                  Entropy (8bit):6.64380352756754
                  Encrypted:false
                  SSDEEP:6144:6HShzKC9i5uV/g/g/TpF//Ms/iu88//og888//JD/pF3dxiFXiauHRF7unwa0D3V:kShztCEFXiauHrCq
                  MD5:8D3699088FEB1116F2C3006D5A3EB4CC
                  SHA1:EB474B812C72992746A261494DD17C088930B74A
                  SHA-256:38A6EEF1905066697A51FCF39DBBB58CA398366B691B401B9A4D4CDFFDF53806
                  SHA-512:1032B869C6DF58657DDA5B5113E01B4DB6EFC646F68F02F753F8254474AE986C997F13D33DFC434B7355348FB95239CC7B4A15EE8A09FBC67AE1C12CF47A490B
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................v.....I.....t.....H....bEt.....$b..........bEI....bEH.X..bEu.....r......>....bEw....Rich...........PE..L.....Z...........!.........................0.....J.........................@..........................................L.......d............................ .......................................y..@............0..h............................text...k........................... ..`.rdata..\....0......................@..@.data...L...........................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\icuuc44.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):721408
                  Entropy (8bit):6.6421180468092285
                  Encrypted:false
                  SSDEEP:12288:2ckX8862mBZv1LsQXGCkmBLSOAN5Kb/If2vQ3REr:2vXbszhOmQOk5KbrQ3RE
                  MD5:B48567AC0DFF2C7BABA80A95B7D7DA00
                  SHA1:14A79906457883F1E3C531899B633DE33E390A2B
                  SHA-256:4610810F0FF01D25CD067C8F6115DC34D9795046B9F7E5ABA029C8172C155D21
                  SHA-512:EA99FFF5283D23BBA0782B126480053D5B264660ADD146E8751754EB748A619E01E472AA004851029D4236EEC99461A891F412C670AA9D04D825D6A6F92C330F
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........S..............f.......d.......[.......Z.......f.....}ip...............Z.....[.....g.......`.......,.......e.....Rich....................PE..L.....Z...........!...............................J.........................P..............................................\...x................................<......................................@............................................text............................... ..`.rdata..............................@..@.data...(,..........................@....rsrc...............................@..@.reloc...<.......>..................@..B........................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\libcrypto-1_1.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):2014208
                  Entropy (8bit):6.264872336582913
                  Encrypted:false
                  SSDEEP:49152:/rPfpvQ/qpyr0kwn678eUI19F3zrALBpT2nv8m26C1CPwDv3uFhjEHsuo:/rXpvQ/qpyr0kiReUI19F3zrALBpNm2j
                  MD5:651CC0A1CF4708C58D8E39C4F0AEC8AE
                  SHA1:309969C87112BF9047F1D401D51F955AD466AF47
                  SHA-256:5D5921784C209882CCC755C3255B9846193B89BE0E204D1DFFC515B72C23AA58
                  SHA-512:1E1A358AB4BF626276978D4B6A7C68671597F94C467ACC13F13A4A9399BDCFDA5A11F55D3064DF0BFBB2103C02389552323AF202E945C8894F61F40157027EC9
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........WS..9...9...9.......9.......9.......9.......9.Ev....9...8.9.9...9...9.-.....9.-.....9.......9.-.....9.Rich..9.........................PE..L.....Z...........!.........Z......`F.......................................0............@..........................w...%...3..x....P.......................`..... ...8........................... _..@............0...............................text...t........................... ..`.rdata..............................@..@.data............X..................@....idata..T....0......................@..@.rsrc........P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\libgcc_s_sjlj-1.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):509923
                  Entropy (8bit):5.687951319586652
                  Encrypted:false
                  SSDEEP:6144:oysXUsRKAkelV40/LhYlscVI22Rg4p7mr:GXUaK+Hh/LmlIv4
                  MD5:B7EEFF5907E7D08ECA94CA41501B2AFD
                  SHA1:6F4B9FF39695B8F3D075EFD288B1966B1DA5207C
                  SHA-256:F94EF1D6184DDA5DED1BAA70D92C10B62AE55EA2520994AF5EA6AC9AD3397FE1
                  SHA-512:D921E5EBDCB03278E1A7C4C24B5F7A22B7F894C7078C5A9B6581FEC3A4244025247D3E413B24B768954412BEE2297BF9DE3AFC353492F2A5978520BAF1ACCE87
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Q...........!.....0...T......@........@.....l.........................P......D......... ......................p...............................................................................................................................text...t/.......0..................`.P`.data...8....@.......6..............@.0..rdata..P....P.......8..............@.`@.bss.........`........................`..edata.......p.......>..............@.0@.idata...............J..............@.0..CRT....,............P..............@.0..tls.... ............R..............@.0..reloc...............T..............@.0B/4...................Z..............@.@B/19......>.......@...j..............@..B/31.....Ph.......j..................@..B/45.................................@..B/57......'... ...(..................@.0B/70..........P......................@..B/81..........`..........

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\libgfortran-3.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):1010050
                  Entropy (8bit):6.414003047754282
                  Encrypted:false
                  SSDEEP:24576:s8mGnPrZ3IZmvZhd5Y6WZ4e78zReE4HLXfwbKSUycc2cnnT7CEsJPBQb2R0WcCjN:4GPV3rvZB2FUcmI
                  MD5:564143A64A70FD4E7DD6B084B7D17AD7
                  SHA1:7C74B1154B176F12A2A15526684A04CCC4737A77
                  SHA-256:E2D2BD6A97DA894A5CF6CD4FF2702830B3DCF8B65B44DCC3BA47052DD09E86CB
                  SHA-512:10BEDB65D92EA97B4A22CF2925BDE6DE20D7876C6FAE7DF823A74BD43C8019F5F9378407207018D2AD63916087F949AF8AD0AF90C23029439BF45A7877BE18F2
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Q.L.........#.....(...H......@........@....`o......................................... ..............................@...................................@...........................p.......................C..0............................text...t&.......(..................`.P`.data........@.......,..............@.`..rdata...<...P...>...0..............@.`@.bss..................................`..edata...............n..............@.0@.idata.......@......................@.0..CRT....,....`......................@.0..tls.... ....p......................@.0..reloc...@.......B..................@.0B........................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\libopenblas.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):21327719
                  Entropy (8bit):6.157551064730241
                  Encrypted:false
                  SSDEEP:196608:BscMNxscjxscAxscrxscfxscmxscEa+7tyT1CvV7qk3Dl8rI2fR:1MoagLuR
                  MD5:9E5B61E47964F7788B8ABBED165D97C1
                  SHA1:2F92CB79699DF4714E70E49E65F78D32DFB91D56
                  SHA-256:E7E770488F34CD1C0E7C062E9569EAE00360226A9A25130A9911D36F122960A3
                  SHA-512:2366C10CBD583776FB455D2A53790018A9AA8E5656E9BA804B4C1E73FA59E03AF271B511A1341838DE498A39891C6B8AE4C41B4C39F08779BB27AA692DBD55E2
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......U.&...!.....!.........z......@.............|m..........................,.......E....... ......................P%..f....'.(.............................'...............................'.......................'.H............................text...............................`.P`.data...\...........................@.`..rdata..H....0......................@.`@.bss.........@........................`..edata...f...P%..h...$..............@.0@.idata..(.....'.....................@.0..CRT....,.....'.....................@.0..tls.... .....'.....................@.0..reloc........'.....................@.0B/4............*.....................@.@B/19...........*.....................@..B/31......0....+..2...T..............@..B/45.....T?....,..@..................@..B/57.....0....@,.....................@.0B/70..........P,.....................@..B/81......I...`,..J......

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\libprotobuf-2.3.0.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):807936
                  Entropy (8bit):6.607592343439706
                  Encrypted:false
                  SSDEEP:24576:mc/4FpGgHM9WyI58/guwNIbiLT/7ZS2u/Bdm6kgVTD5pJeTabElT/BobHECrw0Vm:KPM9WyI58/g9SUTDZS2u5dm6kgVTD5p5
                  MD5:61A72D7430DB29C1FF630E2D540D8BB7
                  SHA1:C51C5AA5A99441604A1C6CA0940E4D696C584F58
                  SHA-256:861A84AE22255D13EEFD3E6278A3E6F2D8B7184DB02FCA88C06156077EF757BD
                  SHA-512:76EC9D78A7BE622262993DCB578B1FA92B6FEE6DA896C0EF8151A1A77A28C0BBFAC4DB9E2C992D83FDF0C200E979B0D935549B632E79EE02F2AB0FD29D64F6F8
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........j..j..j...Y..o..g...b..g.&.f..g...n..g.'.o......i..j..=...g&.b...g#.J...g..k..g...k...g..k..Richj..........PE..L.....Z...........!.....T...........V.......p............................................@.....................................P.... .......................0...Z..................................8...@............p..H............................text....R.......T.................. ..`.rdata.......p.......X..............@..@.data...............................@....rsrc........ ......................@..@.reloc...Z...0...\..................@..B........................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\libquadmath-0.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):317098
                  Entropy (8bit):6.340371839774328
                  Encrypted:false
                  SSDEEP:6144:UiMcnBcqngoBLqQiQZN9oal0+wbQXIqPP63I8MxpJIpe9aglmBiyRVRFjld:UidqwiQZN9oal0+wMZR8MxpxllyRVTj/
                  MD5:3354B9256750A6B7D97BA30B4AD00717
                  SHA1:E518B655C83985CC607F624ADDBC8CB61F8FAEAD
                  SHA-256:B543942B4484D49B95F0EF72399E6DDBF49C7BE54024AF1E7D6001136A9145E6
                  SHA-512:FB086F26CD0C1C92F012819CCDD045CC4B7D84BA1BDD5CF5665EBF11172F49E712FFE5A354872A24715978955EC9FF7E14C730DF4F917502E5533A3EBCB105FC
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Q....:......#................@..............l.........................@.......j........ .........................7.................................... ..X....................................................................................text...$...........................`.P`.data...............................@.`..rdata..<...........................@.`@.bss..................................`..edata..7...........................@.0@.idata..............................@.0..CRT....,...........................@.0..tls.... ...........................@.0..reloc..X.... ......................@.0B........................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\libssl-1_1.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):373248
                  Entropy (8bit):5.700089335139897
                  Encrypted:false
                  SSDEEP:6144:lPvyBVvKT83zcsWmeGr5dUaH8SlSjCzxoH2TnF57E7728AcwqUSvcyOvStasRgix:tvuVw83YsWmHr5dUaHblSjCzxoH2TnFI
                  MD5:D945FBBFDA7774C18F1CEB030AF9AF50
                  SHA1:7C18B3B98268FEE26D34543CB5B9BA00D359386B
                  SHA-256:181A3CEF0954289E3D8D07B7E8F3259AFE635A615DDF9C4D2A2D9B328A8CBC71
                  SHA-512:122AF543248A87FA9C22B9C0A6390CE0B71B7E6470325D56EB0B618F31C1FE9238B799A66146012B66B6BA568F954789D7FFBF2459F4BFE72D167830B8BC8AC1
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w{...(...(...("..(...(..(...(..(...(..(...(..(...(Jm.(...(...(7..(Jm.(...(Jm.(...(..(...(Jm.(...(Rich...(........................PE..L.....Z...........!.........................0............................................@..............................>...y..P...............................D'.. 6..8...........................@...@............p...............................text............................... ..`.rdata.......0......................@..@.data....A... ...>..................@....idata..':...p...<...@..............@..@.rsrc................|..............@..@.reloc...,..........................@..B........................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\libxml2.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):998400
                  Entropy (8bit):6.73979108880946
                  Encrypted:false
                  SSDEEP:24576:jgiqKNx7K1k4mLvXZoArhXaGDvkxuhyWRgwIeB:pqKv7K1k4mLvX175d
                  MD5:D7FB40CB3FCEE7971CBCB1FCC6F7446F
                  SHA1:CA2167C207A9ED3977D4EA96D5C853887D6A6662
                  SHA-256:A69A996CDA3D40EB84AF2B3174E4A4FAD8C31B80E48D5F8D12358ABDAF8A888B
                  SHA-512:DCEAD36ADB4DF0AA6834AA8857CE1DFFCC49787A1888D747826F2BCAF83B3815CF90DD60B7FBA66518801BA305EDE9A56F69DD367103F618083582AEB1B67599
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n^..*?y.*?y.*?y.'m..(?y...,?y.'m...?y.'m..!?y.'m..(?y.....)?y.*?x.}?y....?y...+?y...+?y.Rich*?y.........................PE..L.....Z...........!.........................................................p............@.................................D...<...............................P.......................................@...............d............................text............................... ..`.rdata..............................@..@.data....!..........................@....reloc..P...........................@..B................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\msvcp120.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):455328
                  Entropy (8bit):6.698367093574994
                  Encrypted:false
                  SSDEEP:12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
                  MD5:FD5CABBE52272BD76007B68186EBAF00
                  SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
                  SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
                  SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o...+.N+.N+.N.3wN).N+.N..Nm.aN(.Nm.cN#.Nm.]N..Nm.\Ne.Nm.YN-.Nm.`N*.Nm.gN*.Nm.bN*.NRich+.N........................PE..L....|OR.........."!.........................0.......................................x....@..........................W..L...<...<........................>.......D...................................K..@...............<............................text...<........................... ..`.data....^...0...0... ..............@....idata...............P..............@..@.rsrc................j..............@..@.reloc...D.......F...n..............@..B........................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\msvcp80.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):554832
                  Entropy (8bit):6.428532379402239
                  Encrypted:false
                  SSDEEP:12288:rZY4lOHMwLwXBt+iaKst/Ua/hUgiW6QR7t5j3Ooc8NHkC2eW9:rZY4lOHMM8wifstjj3Ooc8NHkC2e6
                  MD5:0B3595A4FF0B36D68E5FC67FD7D70FDC
                  SHA1:973614AC9622D5EA9CDD68FEBCE3258D196408B6
                  SHA-256:372AF797353F9335915CD06D4076BAB8410775DCAF2DAC0593197D7C41BBFFB2
                  SHA-512:E191DE0236E05E0BB198C51E2F630B56B833B868383E7AB0BBFD91010FA57A9402364E1082C0F267B1E24789F6D7E6D0253D2A932369F469588EEC6ADA3F48BE
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............y..y..y..fv..y..y..#y.....y..2...y.....y.....y......y.....y.....y.....y..Rich.y..........PE..L...l..M...........!.....@... ...............P....B|.........................p............@.............................L...T...<....................`..P.... ..H2...S..............................Pe..@............P.. ............................text...V>.......@.................. ..`.rdata......P.......P..............@..@.data...l&....... ..................@....rsrc...............................@..@.reloc..NA... ...P..................@..B........................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\msvcr120.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):970912
                  Entropy (8bit):6.9649735952029515
                  Encrypted:false
                  SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                  MD5:034CCADC1C073E4216E9466B720F9849
                  SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                  SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                  SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S9...XlA.XlA.XlA..A.XlA.XmA.XlAQ..A.ZlAQ..AvXlAQ..A!XlAQ..A.XlAQ..A.XlAQ..A.XlAQ..A.XlARich.XlA........PE..L....|OR.........."!................D............................................... .....@.........................`........R..(....p...................>......d]..@...8...........................H...@............P...............................text............................... ..`.data...4e.......V..................@....idata.......P......................@....rsrc........p.......0..............@..@.reloc..d].......^...4..............@..B................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\msvcr80.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):632656
                  Entropy (8bit):6.85450359191272
                  Encrypted:false
                  SSDEEP:12288:Kxzh9hH5RVKTp0G+vphr46CIFt0yZmGyYGK:Kph9hHzVKOpRFHmGyYt
                  MD5:C9564CF4976E7E96B4052737AA2492B4
                  SHA1:43851FE4644C0A1EB31FE80F427777F1F0015EFA
                  SHA-256:C3AC989C8489A23BB96400B1856F5325FFC67E844F04651EA5D61BC20A991C6D
                  SHA-512:8E9817AB398A86AF6982D39FED018FF5282F60C5330DBEF6417CFBE73731D8503C63DA32107D948CC1EBA14DD30AAB614C7C858300E4F79CA418DC42D353F9C8
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........L.........@................!......;.............d.......................Rich...................PE..L......M...........!.....0...p......+#.......@.....x......................................@..........................q...~..Pc..<....`..................P....p..P3...B...............................F..@............@...............................text....'.......0.................. ..`.rdata......@.......@..............@..@.data...Li.......P..................@....rsrc........`.......@..............@..@.reloc...7...p...@...P..............@..B........................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\openh264.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):659968
                  Entropy (8bit):6.796156730742692
                  Encrypted:false
                  SSDEEP:12288:ey/L8xWA0lYZ4tri5bKgv1ISDbaQAKVF5el2sLpGKJ98DBm7pbSKvx07:ey/L2Wnlwyi5zhVAKVvel2epFtpb/2
                  MD5:4D24889157CFA94D65076DB4EE10A9DE
                  SHA1:20EE9F531F0D0EC21C5F51D42BDE854AF4DA3A3E
                  SHA-256:CC2B7DE5700DCCBC13839A56679CB665DFE23413972CC5C8D23E19BDE0163DC1
                  SHA-512:3FA21E65D0BE9878C89B2F1C9FD6A5F60C0ABDF058C714B6FC4B7ED8D6480C049EAD5BD511A69B49C5FF7B697929BAAF718216E5A0675AA551E6D219EBB1C71F
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................Z...........\........'.............&.Z...w;'.........w;............w;.....Rich...........................PE..L.....Z...........!.....(...........E.......P...............................p............@.....................................(.... .......................0...5..`Q..8...........................`...@............P...............................text............................... ..`.rodata. ....0...................... ..`.rdata......P.......,..............@..@.data....=..........................@....rsrc........ ......................@..@.reloc...5...0...6..................@..B........................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\opus.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):252928
                  Entropy (8bit):6.832609694437047
                  Encrypted:false
                  SSDEEP:6144:fXoVjhUy/c8K6PRPrV0QkuJZwny2voO+Smdebt31bmvPuL:f2hX/7K6y1Yebfy
                  MD5:45EAE684AAD227A8DE94BEEAEF65BEB3
                  SHA1:58889AFA83A11B244FE64D825657D1D1FBA29301
                  SHA-256:4CE1A959F765094C4C2103FCF56FD5A7D0266A5C80E24A86F202B3A398E776EE
                  SHA-512:7A5D160BC1D5E107F79D9056F4D1C92D15A22B9C723BB04F4580C86C996F527440EF1BA32B812D536409DF18010F976D3A8F79DF3E25D244F888563E5C968F36
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L...........^......\......c......b....`$H...........Ec./...E_......X.....E]....Rich...........................PE..L...n.Z.........."!.....,...........4.......@............................................@.........................P...........<.......................................................................@............@...............................text....+.......,.................. ..`.rdata.......@.......0..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\protobuf-net.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):197632
                  Entropy (8bit):5.827914335121952
                  Encrypted:false
                  SSDEEP:3072:QDS6s11CNtSu01ck48ChK8CShUlNIUAQwXaQ5edod9hoiexKcMva3rdY:PzWMGN8CckUnAt5edod9hoisKbvyd
                  MD5:401AFB233E762D9365903B641CD7FF71
                  SHA1:A053F32D0FE1F2CC2FB531D72B91C36BAC87D6C3
                  SHA-256:66653D787AB796A55C55AFDFA35D2FD9AD78C89BBD51E0D01965214399FA56B6
                  SHA-512:2728125CCA2F8CCD8DF00E53CBA6B4EA56B702B3F3864912CB947FBB5D9E521623DC8C7BA80B27ABBDC4D7D5C6DB9E4CB29B0A4D68C94725B437A2D953AF24D8
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L4IR...........!................~.... ... ....... .......................`............@.................................0...K.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................`.......H...............................P ..........................................K4.?....o.m....?.../.s.|d....c.....@.[..;..........fi..M....?..r...R..w...?7*T.....76..rj.Y+..B.uF..j._.!./9....H0..R.;E..($...*.0..U........-.r...ps%...z.o.......YE................8......(&.....~'...((...,..j....8.....~)...((...,..j....8.....!..i*....].j3....!..i*....[.+l.!.h.a....].j3....!.h.a....[.+M. .F.#j].j3.... .F.#j[.+4. ....j].j3.... ....j[.+.. .'..j].j3.... .'..j[.+.....(.......j.....(..

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\pthreadVC2.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):81920
                  Entropy (8bit):6.162873765569141
                  Encrypted:false
                  SSDEEP:1536:hWRuBYnsKz248jFHRURGXkPb+8iH/p0aHR:hgnsKzHUBR8G4b+8iH/p0aHR
                  MD5:A19DBAD6749AB2A170F68FACBE78E84E
                  SHA1:F4DA5AD277DED2C08BA257F4219FB86D1A2269EF
                  SHA-256:3673C8AF228F82BD8EA7A93CCC66E7E898A69709EEECD3B1FC1C271FA5FE83E0
                  SHA-512:5770A8AA52890197917FEDE88475C9567F92AF824C6FEDA53FDA1DB0AF86FEEA424169C796DD36A6D06388BEC998E24B7884DDBDA63707B4F370E965EC8D8A8E
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~,.............0m......0~......................0}......0j......0l......0h.....Rich............................PE..L......S...........!.........`.......i.......................................P.......P..............................`...U...D...(....0.......................@..........................................@...............h............................text............................... ..`.rdata...-.......0..................@..@.data...,...........................@....rsrc........0....... ..............@..@.reloc.......@.......0..............@..B........................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\swresample-2.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):194048
                  Entropy (8bit):6.6472355045556455
                  Encrypted:false
                  SSDEEP:3072:+gIs9l/yeOtSjmy9tLsDeWdN+RRDvRgpwdqwoUu1VahFs8:Rbdfr4D5dEHhgwrlf
                  MD5:1D46683F483BF7FEE18E55B19B815AA5
                  SHA1:98D3D44B0FB924547E52B645151223F38EA607C6
                  SHA-256:618B4281335EB5AEC94B85A78240A90F4BC0561AAEF1C40CD6E43C36D1503CA0
                  SHA-512:EABE850008C505B5F283EFF97551CE8DAAE507706883FDF8879F9A7058C0E1E36C86F08E13604A9400D7415920B4FCE71ACD303EC03D9E280BC227339AF54F1D
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3j._w...w...w.....z.u...zYP.o...zYn._...zYQ......l.t...w.......w...t....Q.{....m.v....o.v...Richw...................PE..L.....Z.........."!.................M....... ...............................`............@.............................y.......<............................@..4....!..8...........................x...@............ ..`............................text............................... ..`.rdata..$.... ......................@..@.data....0..........................@....rodata...... ......................@..@_RDATA.......0......................@..@.reloc..4....@......................@..B........................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\swscale-4.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):534528
                  Entropy (8bit):6.713558117003787
                  Encrypted:false
                  SSDEEP:12288:Hz+WYGkvZD47t7cTO/AeBLkHVxCqJhyWYDEDrh6cHtiwOnuaS/ld/k3u5+g14MzD:BwS1Pp1LYzt
                  MD5:0028651CAD61D6533DDA740440EC5FA2
                  SHA1:BB0614434BB0EF1EF410CE02AC7333F6310C1DD8
                  SHA-256:4A98081ED36E40055387BA9A5C2B0A74F10069A18A980E1B002B369C0514497D
                  SHA-512:7EB54D6612C0F2C3B4FEAD0317C660E8F231ED17ACFBC982F8D43D4869BE878624B2B82D24EF0E99DB27AA46B1E2CFBAC86D9186BAE70D06EE845BC770DE5337
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X.P.X.P.X.Pp..P.X.P..1P.X.P...P.X.P..0P.X.P...P.X.P.X.P.X.P.X.P.X.P..0P.X.P...P.X.P...P.X.PRich.X.P................PE..L.....Z.........."!................f.....................................................@.........................p.......`...<................................,......8...........................`...@...............@............................text...L........................... ..`.rdata..............................@..@.data...............................@....rodata.@...........................@..@.reloc...,..........................@..B................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\vccorlib120.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):247984
                  Entropy (8bit):6.601853231729306
                  Encrypted:false
                  SSDEEP:6144:+SsS5fv6EATwqlGwyfDyodYI3ZubfW5nb2PQuW0x:+I5fv6EATwqlGwyfDyodYI3Zv1C
                  MD5:69837E50C50561A083A72A5F8EA1F6A2
                  SHA1:1A4B4C6C3CB6A5164CC1018AC72D0300455B3D8F
                  SHA-256:9C9D4E421C55F7EF4E455E75B58A6639428CCD75C76E5717F448AFE4C21C52BC
                  SHA-512:FD20C6B4EEC972C775681AD7322769D5074108D730727051EF77D779A277D77B12419E1FEE1E2EC0CF376A235573A85AD37975245DBF078DE467953AFD02164A
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0p..Q..Q..Q..)..Q......Q......Q......Q......Q..P...Q..Q...Q......Q......Q......Q......Q..Rich.Q..........PE..L....OR.........."!.................4...............................................:....@.............................e=...A.......`...................>...p...R..0................................/..@............@...............................text............................... ..`.data...xp.......n..................@....idata.......@......."..............@..@minATL.......P.......0..............@..@.rsrc........`.......2..............@..@.reloc...R...p...T...6..............@..B........................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\vrllite.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):851456
                  Entropy (8bit):6.587330798768696
                  Encrypted:false
                  SSDEEP:12288:lptqJnunhPCsZ9yh3CEpEXDCBQOxUfFdEYKjj3ddwUbdJooYQEiF5ZWKWecz8Zxf:hCK9m3CEpEXm9OYF5XW/z8w
                  MD5:2CBB620783B2808F75524A2DB3935D88
                  SHA1:A69DCEAB6F053444FA101117A13051CE74252676
                  SHA-256:D99A30CF708FEEC63ECCA1E2EFE7A260BFB73F85B0D99C8BABC716E3C24C6AC3
                  SHA-512:5E6C4817BC45FB95E4AED65332089CEE9AE51BF18FA5E8BF80784A1ACEF73A7C33B20512F4492E6C6D8745AF0F08316E64D5BC00FE5C1FBE4825FC520D2618FD
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........$..J..J..J.s....J.....J.....J.X'...J.....J.....J.0F...J..K..J..J..J.....J.X'...J.X'...J.....J.....J.X'...J.Rich.J.........PE..L...0..[...........!.....L..........UR.......`...............................@............@.............................5.......d....................................f..8....................3.......2..@............`...............................text....K.......L.................. ..`.rdata.......`.......P..............@..@.data...hF...0...<..................@....tls.................V..............@....rsrc................X..............@..@.reloc...............^..............@..B........................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\xerces-c_3_1.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):1939456
                  Entropy (8bit):6.44446091036391
                  Encrypted:false
                  SSDEEP:24576:hqV8NjSHdRLL0BZRPWuEI8dY2h82Z1OMAWWNoLQNb:hgfROtEI8KaYMKoLQNb
                  MD5:5644B595F161AF3A39389E27FB4CA734
                  SHA1:B2062A3A2387AA9AA8B4B81F233DB280947CF22D
                  SHA-256:5C26FD89F48B18B1CF6878D8A9B9DAE4936CBA7348D5293BE1D55952A25E4D75
                  SHA-512:49E7784815FC66D56B717BBCBBA58F06301EEB7B9C54056D9B15E9EE80F2E5134B59DDE54EA71489F9AE5CDCDDC3294D9F5B94D242148CE29DB9B4755A75696C
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......T..W.............s........................>.......?......,..........{....M;.;....M................I......M......Rich....................PE..L.....Z...........!.....................................................................................................)..d...P........<..............................8............................)..@............................................text...a........................... ..`.rdata...C.......D..................@..@.data..............................@....rsrc....<.......>...x..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\ckz_5KZN\zxcvbn.dll

                  Download File
                  Process:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):819200
                  Entropy (8bit):4.69304726993544
                  Encrypted:false
                  SSDEEP:12288:/q3pL7avFdgO0Q9AepXc730POhwRIAuDExmwCZ4p/DEdKyFGs29pGP:CfQi0SwZdyI
                  MD5:0407282823C56CA1CD881627EDE458ED
                  SHA1:C9827FB4C12B6F33EDAC03AD251AB8E6FED03617
                  SHA-256:FE0109528CC689B9196164C40CD1D402662479165C28D846071A68CB10E9552B
                  SHA-512:D14D48837745221821BA9ABECB21B1E0EB3566EB68B7ABD3565DD743300F3A54913B737797C82E30F7F60942C51538DA9F96268CBE2C591AB896D9F562211C1C
                  Malicious:false
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C.5Y...........!.....x............... ........... ....................................@.................................4...W.................................................................................... ............... ..H............text....v... ...x.................. ..`.rsrc................z..............@..@.reloc...............~..............@..B................p.......H...........<...........``.._............................................0...........(....s......r...pr...ps/...o.....r1..prA..ps/...o.....rY..pro..ps/...o.....r...pr...ps/...o.....r...pr...ps/...o.......s......s_...o.....sg...o.....r...p...r...psZ...o.....r...p.w.r7..psZ...o.....s....o.....su...o.....}.....{.....o.....{.....sB...o....*...0..4.......rA..p.s0.....sC.....{....s.......o......o.....(...+*.0..H.......(%...o&....{'...3..{(.....3...}(.....+..s)......{*...}+.....{,..

                  Static File Info

                  General

                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Entropy (8bit):7.985560430740464
                  TrID:
                  • Win32 Executable (generic) a (10002005/4) 99.96%
                  • Generic Win/DOS Executable (2004/3) 0.02%
                  • DOS Executable Generic (2002/1) 0.02%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  File size:84607631
                  MD5:5952de86d1a047feceb4f21828cf0f74
                  SHA1:5194f085b9374789c3c7760c571f19a4c1b2231b
                  SHA256:9553b533d1d85c669b6b529506ea25a44a1cd3795f71d61503923e5ce0270ea9
                  SHA512:14a609d31a73197997fa058fa86a6bff2fee26ad5a0577c8d4e36c95c5d4995f6a6be5c76a96730e7571a9a1691cb1e138891b3e22912222559943b2c906c03f
                  SSDEEP:1572864:hJIIEpd+FXlm0Sg9MVRsUf/VVF7eEJEIVY9e7R+MwqcJCA37nzWys5qx3iu76jUf:hSB3gXlLSg9aXf/HJEIu9e7RxwX4A37Z
                  TLSH:D7083302F340D8A2C9DF103418E6473A5B365D54F728EEEFEBD0B59C9479AC26239687
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........E...E...E...>...D...s...........Y.......L...E.......s...0.......D...RichE...........PE..L.....JM.....................p.....

                  File Icon

                  Icon Hash:00c8c2c6f6b8c010

                  Static PE Info

                  General

                  Entrypoint:0x4294f4
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  DLL Characteristics:
                  Time Stamp:0x4D4AC5B8 [Thu Feb 3 15:11:52 2011 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:4
                  OS Version Minor:0
                  File Version Major:4
                  File Version Minor:0
                  Subsystem Version Major:4
                  Subsystem Version Minor:0
                  Import Hash:8c2569b7ea105c161af93da6bcc0dfa4

                  Entrypoint Preview

                  Instruction
                  push ebp
                  mov ebp, esp
                  push FFFFFFFFh
                  push 00455138h
                  push 0042D474h
                  mov eax, dword ptr fs:[00000000h]
                  push eax
                  mov dword ptr fs:[00000000h], esp
                  sub esp, 58h
                  push ebx
                  push esi
                  push edi
                  mov dword ptr [ebp-18h], esp
                  call dword ptr [0045114Ch]
                  xor edx, edx
                  mov dl, ah
                  mov dword ptr [004738E0h], edx
                  mov ecx, eax
                  and ecx, 000000FFh
                  mov dword ptr [004738DCh], ecx
                  shl ecx, 08h
                  add ecx, edx
                  mov dword ptr [004738D8h], ecx
                  shr eax, 10h
                  mov dword ptr [004738D4h], eax
                  xor esi, esi
                  push esi
                  call 00007F7344C339CFh
                  pop ecx
                  test eax, eax
                  jne 00007F7344C2FB1Ah
                  push 0000001Ch
                  call 00007F7344C2FBC5h
                  pop ecx
                  mov dword ptr [ebp-04h], esi
                  call 00007F7344C3369Ah
                  call dword ptr [00451148h]
                  mov dword ptr [00476884h], eax
                  call 00007F7344C33558h
                  mov dword ptr [00473914h], eax
                  call 00007F7344C33301h
                  call 00007F7344C33243h
                  call 00007F7344C2F8C6h
                  mov dword ptr [ebp-30h], esi
                  lea eax, dword ptr [ebp-5Ch]
                  push eax
                  call dword ptr [00451144h]
                  call 00007F7344C331D4h
                  mov dword ptr [ebp-64h], eax
                  test byte ptr [ebp-30h], 00000001h
                  je 00007F7344C2FB18h
                  movzx eax, word ptr [ebp-2Ch]
                  jmp 00007F7344C2FB15h
                  push 0000000Ah
                  pop eax
                  push eax
                  push dword ptr [ebp-64h]
                  push esi
                  push esi
                  call dword ptr [00451140h]

                  Rich Headers

                  Programming Language:
                  • [ C ] VS98 (6.0) SP6 build 8804
                  • [C++] VS98 (6.0) SP6 build 8804
                  • [EXP] VC++ 6.0 SP5 build 8804

                  Data Directories

                  NameVirtual AddressVirtual Size Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IMPORT0x5b3900x64.rdata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x770000x8d0.rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IAT0x510000x204.rdata
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                  Sections

                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                  .text0x10000x4fdf00x50000False0.485638427734375data6.562086036229992IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .rdata0x510000xaec60xb000False0.4184348366477273data5.111872921295568IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .data0x5c0000x1a8980x17000False0.3583984375data4.41049847974551IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .rsrc0x770000x89f180x8a000False0.07929970561594203data2.3589854430745327IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                  Resources

                  NameRVASizeTypeLanguageCountry
                  RT_ICON0x773880x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                  RT_ICON0x777f00x988dBase IV DBT of 0.DBF, block length 4608, next free block index 40EnglishUnited States
                  RT_ICON0x781780x10a8dBase IV DBT of @.DBF, block length 8192, next free block index 40EnglishUnited States
                  RT_ICON0x792200x25a8dBase IV DBT of `.DBF, block length 18432, next free block index 40EnglishUnited States
                  RT_ICON0x7b7c80x4228dataEnglishUnited States
                  RT_ICON0x7f9f00x94a8dBase IV DBT of \300.DBF, block length 8192, next free block index 40, next free block 16777216, next used block 16777216EnglishUnited States
                  RT_ICON0x88e980x10828dBase III DBT, version number 0, next free block index 40EnglishUnited States
                  RT_ICON0x996c00x25228dataEnglishUnited States
                  RT_ICON0xbe8e80x42028dBase III DBT, version number 0, next free block index 40EnglishUnited States
                  RT_DIALOG0x1009100x250dataEnglishUnited States
                  RT_DIALOG0x100b600x154dataEnglishUnited States
                  RT_DIALOG0x100cb80x94dataEnglishUnited States
                  RT_DIALOG0x100d500xd8dataEnglishUnited States
                  RT_STRING0x100e280x56dataEnglishUnited States
                  RT_ACCELERATOR0x100e800x10dataEnglishUnited States
                  RT_GROUP_ICON0x100e900x84dataEnglishUnited States

                  Imports

                  DLLImport
                  KERNEL32.dllGetCurrentDirectoryA, WaitForSingleObject, GetCurrentDirectoryW, SetEndOfFile, GetStringTypeW, GetStringTypeA, LoadLibraryA, SetEnvironmentVariableA, CompareStringW, CompareStringA, GetCPInfo, CreateProcessA, FlushFileBuffers, SetStdHandle, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, IsBadWritePtr, VirtualAlloc, LCMapStringW, LCMapStringA, MultiByteToWideChar, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, WideCharToMultiByte, HeapFree, GetLastError, LocalFree, SetFileTime, LocalFileTimeToFileTime, GetFullPathNameW, GetFullPathNameA, GetTempPathW, GetTempPathA, GetModuleFileNameW, DeleteFileW, DeleteFileA, SetFilePointer, GetFileAttributesW, CreateDirectoryW, SetCurrentDirectoryW, SetCurrentDirectoryA, SetFileAttributesW, RemoveDirectoryW, CreateDirectoryA, SetFileAttributesA, GetFileAttributesA, CreateFileA, Sleep, GetTickCount, GetACP, GetOEMCP, FormatMessageA, GetModuleFileNameA, CreateFileW, CloseHandle, GetFileTime, ReadFile, WriteFile, GetFileSize, FileTimeToLocalFileTime, GetVersionExA, RtlUnwind, ExitProcess, TerminateProcess, GetCurrentProcess, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, HeapReAlloc, HeapAlloc, HeapSize, GetProcAddress, GetExitCodeProcess
                  USER32.dllPostMessageA, SetTimer, GetDlgItemTextA, LoadStringA, DefWindowProcA, DestroyWindow, BeginPaint, EndPaint, GetDlgItemTextW, SetWindowTextW, MoveWindow, SetDlgItemTextW, EnableWindow, EndDialog, PostQuitMessage, MessageBoxW, GetDesktopWindow, GetWindowRect, CopyRect, OffsetRect, SetWindowPos, CreateWindowExW, DialogBoxParamW, LoadCursorA, RegisterClassExW, LoadStringW, GetMessageA, TranslateMessage, DispatchMessageA, MessageBoxA, GetDlgItem, SendMessageA, SetDlgItemTextA
                  SHELL32.dllShellExecuteExW, SHBrowseForFolderW, SHGetPathFromIDListW, SHGetMalloc
                  ADVAPI32.dllCryptAcquireContextA, CryptReleaseContext, CryptGenRandom

                  Possible Origin

                  Language of compilation systemCountry where language is spokenMap
                  EnglishUnited States

                  Network Behavior

                  No network behavior found

                  Statistics

                  CPU Usage

                  Click to jump to process

                  Memory Usage

                  Click to jump to process

                  System Behavior

                  General

                  Target ID:0
                  Start time:23:34:10
                  Start date:31/08/2022
                  Path:C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe"
                  Imagebase:0x400000
                  File size:84607631 bytes
                  MD5 hash:5952DE86D1A047FECEB4F21828CF0F74
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low

                  Disassembly

                  Reset < >

                    Execution Graph

                    Execution Coverage:3.1%
                    Dynamic/Decrypted Code Coverage:0%
                    Signature Coverage:1.7%
                    Total number of Nodes:727
                    Total number of Limit Nodes:33
                    execution_graph 23632 41f6c0 23633 41f6d9 23632->23633 23634 41f6cb FindCloseChangeNotification 23632->23634 23636 41f6e6 23633->23636 23637 4291df RtlFreeHeap VirtualFree VirtualFree HeapFree ctype 23633->23637 23634->23633 23637->23636 23638 4160e0 23639 41610a 23638->23639 23646 41e1d0 23639->23646 23641 416144 23643 416199 23641->23643 23644 416214 23641->23644 23650 433876 23641->23650 23643->23644 23654 416050 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23643->23654 23647 41e1de 23646->23647 23649 41e211 23646->23649 23647->23649 23655 42929a RtlAllocateHeap 23647->23655 23649->23641 23651 433889 23650->23651 23653 43388d 23651->23653 23656 43717f 23651->23656 23653->23643 23654->23644 23655->23649 23657 437193 23656->23657 23666 4371f1 23657->23666 23667 436569 23657->23667 23662 4371e4 23675 4370ff RtlFreeHeap VirtualFree VirtualFree HeapFree ctype 23662->23675 23663 4371fa 23676 4370ff RtlFreeHeap VirtualFree VirtualFree HeapFree ctype 23663->23676 23666->23653 23668 436574 23667->23668 23670 436578 23668->23670 23677 42929a RtlAllocateHeap 23668->23677 23670->23666 23671 436bf6 23670->23671 23672 436c03 23671->23672 23673 436c0a 23671->23673 23672->23662 23672->23663 23673->23672 23678 43721a 23673->23678 23675->23666 23676->23666 23677->23670 23679 437235 23678->23679 23680 437566 23679->23680 23681 43759d 23679->23681 23686 437419 23679->23686 23687 42929a RtlAllocateHeap 23680->23687 23689 42929a RtlAllocateHeap 23681->23689 23684 437572 23688 42929a RtlAllocateHeap 23684->23688 23686->23673 23687->23684 23688->23686 23689->23686 23690 41ed60 23716 406010 RtlAllocateHeap 23690->23716 23692 41ed9a 23717 42929a RtlAllocateHeap 23692->23717 23694 41edc0 23718 40ca50 CreateFileA 23694->23718 23696 41ee8f 23698 41ee9c GetLastError 23696->23698 23700 41ef59 23696->23700 23697 41ee2f GetLastError 23697->23696 23699 41ee23 23697->23699 23698->23700 23701 41eeba 23698->23701 23699->23696 23699->23697 23707 41ee48 23699->23707 23702 406400 ctype 4 API calls 23700->23702 23721 406110 23701->23721 23705 41ef81 23702->23705 23706 41eec3 23728 406d00 GetLastError LocalFree FormatMessageA 23706->23728 23707->23696 23707->23699 23719 41e730 Sleep 23707->23719 23720 40ca50 CreateFileA 23707->23720 23710 41eed4 23729 408bb0 23710->23729 23712 41eef6 23735 408c80 23712->23735 23714 41ef48 23740 406400 23714->23740 23716->23692 23717->23694 23718->23699 23719->23707 23720->23707 23722 406132 23721->23722 23743 405430 RtlAllocateHeap 23722->23743 23724 406162 23725 4061b5 23724->23725 23744 405430 RtlAllocateHeap 23724->23744 23725->23706 23727 406172 23727->23706 23728->23710 23730 408bd5 23729->23730 23731 406110 RtlAllocateHeap 23730->23731 23732 408c01 23731->23732 23733 406110 RtlAllocateHeap 23732->23733 23734 408c10 23733->23734 23734->23712 23736 406400 ctype 4 API calls 23735->23736 23737 408cb3 23736->23737 23738 406400 ctype 4 API calls 23737->23738 23739 408cc0 ctype 23738->23739 23739->23714 23745 405440 23740->23745 23742 406431 ctype 23742->23700 23743->23724 23744->23727 23746 405453 23745->23746 23747 40544d 23745->23747 23746->23742 23749 428ddf 23747->23749 23752 42b1a5 23749->23752 23751 428de8 23751->23746 23754 42b1b1 ctype 23752->23754 23758 42b1cd 23752->23758 23753 42b1d1 23755 42b1fd RtlFreeHeap 23753->23755 23753->23758 23754->23753 23754->23755 23756 42b1c7 23754->23756 23755->23758 23759 42f160 VirtualFree VirtualFree HeapFree 23756->23759 23758->23751 23759->23758 23760 430b40 SetUnhandledExceptionFilter 23761 401483 23762 4014a8 23761->23762 23763 40148a 23761->23763 23767 4014d9 23762->23767 23768 4014b4 23762->23768 23770 401558 22 API calls 23762->23770 23764 4014e9 GetMessageA 23765 4014ef TranslateMessage DispatchMessageA 23764->23765 23764->23768 23765->23764 23767->23764 23768->23763 23771 4291df RtlFreeHeap VirtualFree VirtualFree HeapFree ctype 23768->23771 23770->23767 23771->23763 23772 4010e9 23777 4010f3 23772->23777 23776 401107 23778 40478c __EH_prolog 23777->23778 23800 404b36 RtlAllocateHeap __EH_prolog 23778->23800 23780 4047a9 23801 405270 5 API calls 2 library calls 23780->23801 23782 4047cc 23802 40496a 23782->23802 23786 4047dc 23806 404a24 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23786->23806 23788 4047e4 23807 404a76 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23788->23807 23790 4047ed 23808 404a46 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23790->23808 23792 4047f6 23809 404adc RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23792->23809 23794 4047ff 23810 40497e RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23794->23810 23796 404807 23811 4049a0 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23796->23811 23798 4010ee 23799 428d25 11 API calls 23798->23799 23799->23776 23800->23780 23801->23782 23812 40512f 23802->23812 23805 404afe RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23805->23786 23806->23788 23807->23790 23808->23792 23809->23794 23810->23796 23811->23798 23813 40514f 23812->23813 23816 405165 23813->23816 23818 40516f __EH_prolog 23816->23818 23817 4047d4 23817->23805 23818->23817 23819 406110 RtlAllocateHeap 23818->23819 23820 40518d 23819->23820 23821 4051be 23820->23821 23824 40504b 23820->23824 23822 406400 ctype 4 API calls 23821->23822 23822->23817 23825 405055 __EH_prolog 23824->23825 23826 406110 RtlAllocateHeap 23825->23826 23827 405064 23826->23827 23828 406110 RtlAllocateHeap 23827->23828 23829 40508f ctype 23828->23829 23836 404fa7 23829->23836 23831 4050c4 ctype 23832 406400 ctype 4 API calls 23831->23832 23833 4050e3 23832->23833 23834 406400 ctype 4 API calls 23833->23834 23835 4050ef 23834->23835 23835->23821 23837 404fb1 __EH_prolog 23836->23837 23844 42929a RtlAllocateHeap 23837->23844 23839 404fc0 23841 404fd3 ctype 23839->23841 23845 404b36 RtlAllocateHeap __EH_prolog 23839->23845 23843 404fe7 23841->23843 23846 410320 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23841->23846 23843->23831 23844->23839 23845->23841 23846->23843 23847 401c2b 23848 401c33 23847->23848 23849 408bb0 RtlAllocateHeap 23848->23849 23852 401d08 23848->23852 23850 401c51 23849->23850 24090 404871 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23850->24090 23851 401de0 23854 401df6 DialogBoxParamW 23851->23854 23852->23851 23879 4048ed 23852->23879 23858 401d85 23854->23858 23856 401c67 24091 408cf0 23856->24091 23860 401d29 23863 401d92 23860->23863 23868 401d39 23860->23868 23861 401c72 23869 401c86 23861->23869 24096 408e00 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23861->24096 23889 4026a3 23863->23889 23864 401d52 DialogBoxParamW 23864->23858 23866 401d73 23864->23866 24100 401558 22 API calls 23866->24100 23867 401da9 23867->23858 23874 401db8 DialogBoxParamW 23867->23874 23868->23864 24099 401558 22 API calls 23868->24099 24097 404899 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23869->24097 23873 401d4f 23873->23864 23874->23858 23875 401cbe 24098 401558 22 API calls 23875->24098 23877 401cf6 23878 408c80 4 API calls 23877->23878 23878->23852 23880 4048f7 __EH_prolog 23879->23880 23881 408bb0 RtlAllocateHeap 23880->23881 23888 401d21 23880->23888 23882 404919 23881->23882 24101 4049b4 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23882->24101 23884 40492c 23885 408cf0 2 API calls 23884->23885 23886 404937 23885->23886 23887 408c80 4 API calls 23886->23887 23887->23888 23888->23851 23888->23860 23890 4026ad __EH_prolog 23889->23890 23891 4026d4 GetDlgItem EnableWindow 23890->23891 23892 4026ea 23890->23892 23891->23892 23898 402738 23892->23898 24147 4020e2 8 API calls __EH_prolog 23892->24147 23893 40278e 23895 406110 RtlAllocateHeap 23893->23895 23897 402799 23895->23897 23896 402707 23896->23898 23899 402711 23896->23899 23901 408bb0 RtlAllocateHeap 23897->23901 23898->23893 24148 42929a RtlAllocateHeap 23898->24148 23900 402722 EndDialog PostQuitMessage 23899->23900 23902 402c0e 23900->23902 23903 4027a8 23901->23903 24178 40cb90 RtlFreeHeap VirtualFree VirtualFree HeapFree ctype 23902->24178 24102 4049b4 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23903->24102 23907 402c19 24179 40cb90 RtlFreeHeap VirtualFree VirtualFree HeapFree ctype 23907->24179 23908 4027ba 23911 408cf0 2 API calls 23908->23911 23909 402767 GetCurrentDirectoryA 23912 402786 23909->23912 23914 4027c5 23911->23914 23915 428ddf ctype 4 API calls 23912->23915 23913 402c25 23913->23867 23916 4029ed 23914->23916 23918 4027cd 23914->23918 23915->23893 24152 40231b 18 API calls __EH_prolog 23916->24152 23920 406110 RtlAllocateHeap 23918->23920 23919 40299f 23921 408c80 4 API calls 23919->23921 23929 4027ec 23920->23929 23922 402c02 23921->23922 23923 406400 ctype 4 API calls 23922->23923 23923->23902 23925 402a76 23927 408bb0 RtlAllocateHeap 23925->23927 23926 4029eb 23926->23919 23926->23925 24153 4065f0 5 API calls ctype 23926->24153 23928 402ab7 23927->23928 23932 408bb0 RtlAllocateHeap 23928->23932 23938 402c3b 23928->23938 23931 40283d 23929->23931 24149 406710 5 API calls ctype 23929->24149 23941 40287f 23931->23941 24150 406710 5 API calls ctype 23931->24150 23939 402ae3 23932->23939 23934 402c2c 23937 408c80 4 API calls 23934->23937 23935 406400 ctype 4 API calls 23935->23926 23937->23938 23942 406110 RtlAllocateHeap 23938->23942 23939->23934 24154 40b4f0 23939->24154 23954 4029a4 23941->23954 24103 40eeb0 23941->24103 23946 402cc5 23942->23946 23944 4028f3 23950 4028fe 23944->23950 23944->23954 23945 408bb0 RtlAllocateHeap 23956 402b72 23945->23956 23949 402d32 23946->23949 23951 4033e5 23946->23951 23952 402d05 SetDlgItemTextA GetDlgItem SendMessageA 23946->23952 23947 402b43 23947->23945 23948 408bb0 RtlAllocateHeap 23963 40292d 23948->23963 23949->23951 23957 402d3b 23949->23957 23950->23948 24201 4024ee 5 API calls __EH_prolog 23951->24201 23952->23949 23954->23935 23955 4033ee 23959 403400 MessageBoxA 23955->23959 24177 409030 GetACP RtlAllocateHeap 23956->24177 23960 408bb0 RtlAllocateHeap 23957->23960 23962 4033e3 23959->23962 23964 402d6e 23960->23964 23961 402bab MessageBoxW EndDialog PostQuitMessage 23966 408c80 4 API calls 23961->23966 23967 40b4f0 12 API calls 23962->23967 24151 409030 GetACP RtlAllocateHeap 23963->24151 24180 404a8a RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 23964->24180 23970 402bd5 23966->23970 23971 403416 23967->23971 23969 402d80 23973 408cf0 2 API calls 23969->23973 23974 408c80 4 API calls 23970->23974 24202 4024ee 5 API calls __EH_prolog 23971->24202 23972 402966 MessageBoxW EndDialog PostQuitMessage 23976 408c80 4 API calls 23972->23976 23987 402d8b 23973->23987 23977 402be4 23974->23977 23979 402990 23976->23979 23980 408c80 4 API calls 23977->23980 23978 40341f 23981 406400 ctype 4 API calls 23978->23981 23982 406400 ctype 4 API calls 23979->23982 23980->23919 23983 403430 23981->23983 23982->23919 23986 408c80 4 API calls 23983->23986 23984 4033ca 24200 4024ee 5 API calls __EH_prolog 23984->24200 23989 40343f 23986->23989 23987->23984 23988 408cf0 2 API calls 23987->23988 23990 402dca 23988->23990 23991 408c80 4 API calls 23989->23991 23990->23984 23992 402dd2 23990->23992 23994 40344e 23991->23994 23995 406110 RtlAllocateHeap 23992->23995 23993 408c80 4 API calls 23993->23962 23996 406400 ctype 4 API calls 23994->23996 23999 402ddd 23995->23999 23997 40345a 23996->23997 24203 40cb90 RtlFreeHeap VirtualFree VirtualFree HeapFree ctype 23997->24203 24002 408bb0 RtlAllocateHeap 23999->24002 24000 403465 24204 40cb90 RtlFreeHeap VirtualFree VirtualFree HeapFree ctype 24000->24204 24003 402e03 24002->24003 24181 404aa4 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 24003->24181 24005 402e15 24006 408cf0 2 API calls 24005->24006 24007 402e23 24006->24007 24008 402e32 24007->24008 24182 4093b0 7 API calls 24007->24182 24183 406710 5 API calls ctype 24008->24183 24011 402ec5 GetDlgItem 24012 402ee2 24011->24012 24013 402ed3 SendMessageA 24011->24013 24014 408bb0 RtlAllocateHeap 24012->24014 24013->24012 24016 402eed 24014->24016 24015 402e73 24015->24011 24017 402f17 24016->24017 24018 40305c 24016->24018 24021 402f31 24017->24021 24022 402f28 24017->24022 24019 408bb0 RtlAllocateHeap 24018->24019 24020 403067 24019->24020 24023 408bb0 RtlAllocateHeap 24020->24023 24185 4093b0 7 API calls 24021->24185 24184 4093b0 7 API calls 24022->24184 24030 403076 24023->24030 24026 402f2d 24186 40245a 20 API calls 2 library calls 24026->24186 24028 402f3e 24029 408bb0 RtlAllocateHeap 24028->24029 24031 402f4e 24029->24031 24033 408bb0 RtlAllocateHeap 24030->24033 24187 404871 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 24031->24187 24034 4030b0 24033->24034 24039 4030d9 24034->24039 24067 403109 24034->24067 24035 402f65 24036 402f7f 24035->24036 24188 42936a GetCurrentProcess TerminateProcess ExitProcess 24035->24188 24189 4024ee 5 API calls __EH_prolog 24036->24189 24191 42929a RtlAllocateHeap 24039->24191 24040 40304d 24045 408c80 4 API calls 24040->24045 24042 4030e3 GetCurrentDirectoryA 24043 403103 24042->24043 24051 428ddf ctype 4 API calls 24043->24051 24044 402f88 24044->24040 24046 408bb0 RtlAllocateHeap 24044->24046 24049 40339b 24045->24049 24070 402fc4 24046->24070 24048 403185 24193 409030 GetACP RtlAllocateHeap 24048->24193 24052 408c80 4 API calls 24049->24052 24051->24067 24054 4033aa 24052->24054 24053 403196 24194 409030 GetACP RtlAllocateHeap 24053->24194 24056 408c80 4 API calls 24054->24056 24058 4033b9 24056->24058 24057 4031a7 ShellExecuteExW 24059 4031d2 24057->24059 24060 4032a9 24057->24060 24061 406400 ctype 4 API calls 24058->24061 24063 408bb0 RtlAllocateHeap 24059->24063 24198 4024ee 5 API calls __EH_prolog 24060->24198 24064 4033c8 24061->24064 24065 4031dd 24063->24065 24064->23993 24195 404871 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 24065->24195 24192 409030 GetACP RtlAllocateHeap 24067->24192 24068 408bb0 RtlAllocateHeap 24085 4032e5 24068->24085 24069 4032b2 24069->24068 24190 409030 GetACP RtlAllocateHeap 24070->24190 24071 4031f4 24073 40320e 24071->24073 24196 42936a GetCurrentProcess TerminateProcess ExitProcess 24071->24196 24075 40322f WaitForSingleObject GetExitCodeProcess 24073->24075 24079 40327f 24073->24079 24077 403254 24075->24077 24076 403034 MessageBoxW 24078 408c80 4 API calls 24076->24078 24197 4024ee 5 API calls __EH_prolog 24077->24197 24078->24040 24081 408c80 4 API calls 24079->24081 24082 40336e 24081->24082 24083 408c80 4 API calls 24082->24083 24084 40337d 24083->24084 24086 408c80 4 API calls 24084->24086 24199 409030 GetACP RtlAllocateHeap 24085->24199 24087 40338c 24086->24087 24087->24040 24089 403355 MessageBoxW 24089->24079 24090->23856 24092 408d04 24091->24092 24093 408cfa 24091->24093 24095 408d12 24092->24095 24276 409030 GetACP RtlAllocateHeap 24092->24276 24093->23861 24095->23861 24096->23869 24097->23875 24098->23877 24099->23873 24100->23858 24101->23884 24102->23908 24205 406010 RtlAllocateHeap 24103->24205 24105 40f224 24106 406400 ctype 4 API calls 24105->24106 24107 40f235 24106->24107 24107->23944 24108 40eedf 24108->24105 24206 40ecc0 24108->24206 24110 40ef29 24111 40ef30 24110->24111 24118 40ef60 24110->24118 24111->24105 24218 42929a RtlAllocateHeap 24111->24218 24113 40ef4f 24114 406110 RtlAllocateHeap 24113->24114 24117 40f1f9 24113->24117 24114->24117 24115 40f0dc 24119 406400 ctype 4 API calls 24115->24119 24116 40ecc0 15 API calls 24143 40f0b0 24116->24143 24225 40cd70 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 24117->24225 24120 40f00e 24118->24120 24121 40efce 24118->24121 24118->24143 24123 40f1b6 24119->24123 24122 40f01c 24120->24122 24120->24143 24125 40ecc0 15 API calls 24121->24125 24126 40ecc0 15 API calls 24122->24126 24123->23944 24127 40efda 24125->24127 24128 40f028 24126->24128 24129 40f088 24127->24129 24219 42929a RtlAllocateHeap 24127->24219 24128->24129 24220 42929a RtlAllocateHeap 24128->24220 24130 406400 ctype 4 API calls 24129->24130 24133 40f099 24130->24133 24133->23944 24134 40f173 24137 40ecc0 15 API calls 24134->24137 24135 40f000 24141 406110 RtlAllocateHeap 24135->24141 24144 40f05d 24135->24144 24139 40f17f 24137->24139 24138 406110 RtlAllocateHeap 24138->24143 24139->24115 24140 40f1cb 24139->24140 24140->24105 24224 42929a RtlAllocateHeap 24140->24224 24141->24144 24143->24115 24143->24116 24143->24134 24143->24138 24222 42929a RtlAllocateHeap 24143->24222 24223 40cd70 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 24143->24223 24221 40cd70 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 24144->24221 24147->23896 24148->23909 24149->23931 24150->23931 24151->23972 24152->23926 24153->23925 24155 408bb0 RtlAllocateHeap 24154->24155 24156 40b516 24155->24156 24274 4252d0 GetVersionExA 24156->24274 24158 40b54b 24159 40b576 24158->24159 24160 40b568 24158->24160 24162 408cf0 2 API calls 24159->24162 24275 4093b0 7 API calls 24160->24275 24164 40b57b 24162->24164 24163 40b56d SetCurrentDirectoryA 24167 40b5d0 24163->24167 24165 40b57f 24164->24165 24166 40b5d2 24164->24166 24168 408bb0 RtlAllocateHeap 24165->24168 24169 40b5db SetCurrentDirectoryW 24166->24169 24172 408c80 4 API calls 24167->24172 24170 40b58b 24168->24170 24169->24167 24171 40a2c0 5 API calls 24170->24171 24173 40b5a5 24171->24173 24174 402b37 24172->24174 24175 40b5b4 SetCurrentDirectoryW 24173->24175 24174->23934 24174->23947 24176 408c80 4 API calls 24175->24176 24176->24167 24177->23961 24178->23907 24179->23913 24180->23969 24181->24005 24182->24008 24183->24015 24184->24026 24185->24026 24186->24028 24187->24035 24188->24036 24189->24044 24190->24076 24191->24042 24192->24048 24193->24053 24194->24057 24195->24071 24196->24073 24197->24079 24198->24069 24199->24089 24200->24064 24201->23955 24202->23978 24203->24000 24204->23913 24205->24108 24207 40ecf2 24206->24207 24208 40ed0b 24206->24208 24207->24110 24209 40ed11 24208->24209 24210 408bb0 RtlAllocateHeap 24208->24210 24209->24110 24211 40ed80 24210->24211 24226 408e00 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 24211->24226 24213 40ed95 24227 40b350 24213->24227 24216 408c80 4 API calls 24217 40edc7 24216->24217 24217->24110 24218->24113 24219->24135 24220->24135 24221->24129 24222->24143 24223->24143 24224->24113 24225->24105 24226->24213 24228 408bb0 RtlAllocateHeap 24227->24228 24229 40b377 24228->24229 24258 4252d0 GetVersionExA 24229->24258 24231 40b3ac 24232 40b3c5 24231->24232 24233 40b3db 24231->24233 24269 4093b0 7 API calls 24232->24269 24235 408cf0 2 API calls 24233->24235 24237 40b3e4 24235->24237 24236 40b3d0 24270 40ca00 CreateDirectoryA 24236->24270 24238 40b3e8 24237->24238 24239 40b43d 24237->24239 24241 408bb0 RtlAllocateHeap 24238->24241 24244 40b448 CreateDirectoryW 24239->24244 24243 40b3f4 24241->24243 24242 40b3d6 24248 40b43b 24242->24248 24259 40a2c0 24243->24259 24244->24248 24246 40b40e 24250 40b41f CreateDirectoryW 24246->24250 24247 40b4a1 24253 408c80 4 API calls 24247->24253 24248->24247 24249 406110 RtlAllocateHeap 24248->24249 24251 40b46a 24249->24251 24252 408c80 4 API calls 24250->24252 24271 406d00 GetLastError LocalFree FormatMessageA 24251->24271 24252->24248 24255 40b4cf 24253->24255 24255->24216 24256 40b47b 24257 406400 ctype 4 API calls 24256->24257 24257->24247 24258->24231 24260 408bb0 RtlAllocateHeap 24259->24260 24261 40a2e5 24260->24261 24262 40a348 24261->24262 24263 40a329 24261->24263 24266 40a33c 24261->24266 24273 408e00 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 24262->24273 24272 408e00 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 24263->24272 24267 408c80 4 API calls 24266->24267 24268 40a390 24267->24268 24268->24246 24269->24236 24270->24242 24271->24256 24272->24266 24273->24266 24274->24158 24275->24163 24276->24095 24277 403c4f LoadStringA 24278 403cd1 PostQuitMessage 24277->24278 24279 403c76 24277->24279 24282 403cd9 24278->24282 24280 403cb5 BeginPaint EndPaint 24279->24280 24281 403c7b 24279->24281 24280->24282 24283 403c82 DefWindowProcA 24281->24283 24285 403caa DestroyWindow 24281->24285 24283->24282 24285->24282 24286 40ad10 24287 408cf0 2 API calls 24286->24287 24288 40ad57 24287->24288 24289 408bb0 RtlAllocateHeap 24288->24289 24317 40ad5b 24288->24317 24290 40ad81 24289->24290 24291 408cf0 2 API calls 24290->24291 24292 40adac 24291->24292 24319 4252d0 GetVersionExA 24292->24319 24294 40adba 24295 40ae03 24294->24295 24320 4091a0 GetACP GetACP RtlAllocateHeap 24294->24320 24296 40ae07 24295->24296 24297 40ae5a 24295->24297 24299 408bb0 RtlAllocateHeap 24296->24299 24324 409030 GetACP RtlAllocateHeap 24297->24324 24302 40ae13 24299->24302 24300 40add4 24300->24295 24303 40ade8 24300->24303 24305 40a2c0 5 API calls 24302->24305 24321 4093b0 7 API calls 24303->24321 24304 40ae63 GetFileAttributesW 24314 40adf7 24304->24314 24307 40ae2d 24305->24307 24323 409030 GetACP RtlAllocateHeap 24307->24323 24308 40adf1 24322 40ca40 GetFileAttributesA 24308->24322 24309 40ae71 GetLastError 24310 40ae7a 24309->24310 24315 408c80 4 API calls 24310->24315 24313 40ae3c GetFileAttributesW 24316 408c80 4 API calls 24313->24316 24314->24309 24314->24310 24315->24317 24318 40ae58 24316->24318 24318->24314 24319->24294 24320->24300 24321->24308 24322->24314 24323->24313 24324->24304 24325 40e510 24326 40e537 ctype 24325->24326 24327 406110 RtlAllocateHeap 24326->24327 24328 40e540 24327->24328 24333 40c5f0 24328->24333 24330 40e575 ctype 24331 406400 ctype 4 API calls 24330->24331 24332 40e592 24331->24332 24334 408bb0 RtlAllocateHeap 24333->24334 24335 40c615 24334->24335 24342 408da0 RtlAllocateHeap RtlFreeHeap VirtualFree VirtualFree HeapFree 24335->24342 24337 40c631 24343 40c690 24337->24343 24339 40c653 24340 408c80 4 API calls 24339->24340 24341 40c66c 24340->24341 24341->24330 24342->24337 24344 408cf0 2 API calls 24343->24344 24346 40c6b6 24344->24346 24345 40c6ba 24345->24339 24346->24345 24351 40c880 27 API calls 24346->24351 24348 40c6f6 24350 40c6fd 24348->24350 24352 41fb50 24348->24352 24350->24339 24351->24348 24355 41fb75 24352->24355 24353 41fb79 24353->24350 24354 41fbe8 WriteFile 24354->24355 24356 41fc7b 24354->24356 24355->24353 24355->24354 24355->24356 24363 42a681 6 API calls 24355->24363 24356->24353 24358 406110 RtlAllocateHeap 24356->24358 24359 41fc8c 24358->24359 24364 406d00 GetLastError LocalFree FormatMessageA 24359->24364 24361 41fc9d 24362 406400 ctype 4 API calls 24361->24362 24362->24353 24363->24355 24364->24361 24365 41e7d0 24374 41e7b0 CryptAcquireContextA 24365->24374 24367 41e7f1 24373 41e84b 24367->24373 24375 41e7b0 CryptAcquireContextA 24367->24375 24369 41e80f 24369->24373 24376 41e7b0 CryptAcquireContextA 24369->24376 24371 41e82d 24371->24373 24377 41e7b0 CryptAcquireContextA 24371->24377 24374->24367 24375->24369 24376->24371 24377->24373 24378 41f970 24379 41f982 24378->24379 24380 41fa0c 24378->24380 24382 41f9ab SetFilePointer 24379->24382 24383 41fa20 24380->24383 24390 42a3a2 SetFilePointer GetLastError 24380->24390 24382->24383 24384 41f9c9 24382->24384 24384->24383 24385 41f9d5 GetLastError 24384->24385 24386 41f9ea 24385->24386 24389 425480 7 API calls ctype 24386->24389 24388 41f9f2 24389->24388 24390->24383 24391 41fa70 24392 41fb0a 24391->24392 24393 41fa94 24391->24393 24393->24392 24394 41faf9 24393->24394 24395 41faa8 ReadFile 24393->24395 24394->24392 24404 42a599 7 API calls 24394->24404 24396 41fae7 24395->24396 24397 41fab8 GetLastError 24395->24397 24399 41fad0 24397->24399 24400 41fac3 24397->24400 24399->24392 24403 425480 7 API calls ctype 24399->24403 24402 41fade 24403->24402 24404->24392 24405 423570 24406 42359c 24405->24406 24408 4235b0 24406->24408 24409 436240 24406->24409 24410 43625d 24409->24410 24411 4362b6 24410->24411 24426 43421c 40 API calls 2 library calls 24410->24426 24411->24408 24413 4362d5 24413->24411 24414 436493 24413->24414 24417 436343 24413->24417 24418 436448 24413->24418 24415 4364e5 24414->24415 24416 43649c 24414->24416 24431 4361ba 28 API calls 24415->24431 24430 43602b 31 API calls 24416->24430 24417->24411 24425 436380 24417->24425 24427 4348b9 40 API calls 2 library calls 24417->24427 24418->24414 24421 436451 24418->24421 24429 43618b 37 API calls 24421->24429 24425->24411 24428 43602b 31 API calls 24425->24428 24426->24413 24427->24425 24428->24411 24429->24411 24430->24411 24431->24411 24432 4294f4 GetVersion 24447 42d40d HeapCreate 24432->24447 24434 429553 24456 42d0ed 24434->24456 24436 429568 GetCommandLineA 24468 42cfbb 24436->24468 24440 429582 24497 42ccb5 24440->24497 24442 429587 24443 42958c GetStartupInfoA 24442->24443 24444 42959e 24443->24444 24445 4295b0 GetModuleHandleA 24444->24445 24446 401443 24445->24446 24448 42d463 24447->24448 24449 42d42d 24447->24449 24448->24434 24505 42d2c5 8 API calls 24449->24505 24451 42d432 24454 42d446 24451->24454 24506 42f0ed HeapAlloc 24451->24506 24453 42d466 24453->24434 24454->24453 24455 42d457 HeapDestroy 24454->24455 24455->24448 24507 42ac3f 24456->24507 24458 42d141 GetStartupInfoA 24464 42d21d 24458->24464 24467 42d158 24458->24467 24459 42d0fe 24459->24458 24460 42d244 GetStdHandle 24462 42d252 GetFileType 24460->24462 24460->24464 24461 42d284 SetHandleCount 24461->24436 24462->24464 24463 42ac3f RtlAllocateHeap 24463->24467 24464->24460 24464->24461 24465 42d1c9 24465->24464 24466 42d1eb GetFileType 24465->24466 24466->24465 24467->24463 24467->24464 24467->24465 24469 42cfd6 GetEnvironmentStringsW 24468->24469 24470 42d009 24468->24470 24471 42cfea GetEnvironmentStrings 24469->24471 24472 42cfde 24469->24472 24470->24472 24473 42cffa 24470->24473 24471->24473 24474 429578 24471->24474 24475 42d022 WideCharToMultiByte 24472->24475 24476 42d016 GetEnvironmentStringsW 24472->24476 24473->24474 24477 42d0a8 24473->24477 24478 42d09c GetEnvironmentStrings 24473->24478 24491 42cd6e 24474->24491 24480 42d056 24475->24480 24481 42d088 FreeEnvironmentStringsW 24475->24481 24476->24474 24476->24475 24482 42ac3f RtlAllocateHeap 24477->24482 24478->24474 24478->24477 24483 42ac3f RtlAllocateHeap 24480->24483 24481->24474 24487 42d0c3 24482->24487 24484 42d05c 24483->24484 24484->24481 24485 42d065 WideCharToMultiByte 24484->24485 24488 42d076 24485->24488 24489 42d07f 24485->24489 24486 42d0d9 FreeEnvironmentStringsA 24486->24474 24487->24486 24490 42b1a5 ctype 4 API calls 24488->24490 24489->24481 24490->24489 24492 42cd80 24491->24492 24493 42cd85 GetModuleFileNameA 24491->24493 24492->24493 24494 42cda8 24493->24494 24495 42ac3f RtlAllocateHeap 24494->24495 24496 42cdc9 24495->24496 24496->24440 24498 42ccc2 24497->24498 24499 42ac3f RtlAllocateHeap 24498->24499 24504 42ccf4 24499->24504 24500 42cd4b 24501 42b1a5 ctype 4 API calls 24500->24501 24502 42cd57 24501->24502 24502->24442 24503 42ac3f RtlAllocateHeap 24503->24504 24504->24500 24504->24503 24505->24451 24506->24454 24510 42ac51 24507->24510 24511 42ac4e 24510->24511 24513 42ac58 24510->24513 24511->24459 24513->24511 24514 42ac7d 24513->24514 24515 42ac8c 24514->24515 24516 42ace0 RtlAllocateHeap 24515->24516 24517 42ac9f 24515->24517 24516->24517 24517->24513 24518 429558 24519 42955f 24518->24519 24520 42d0ed 6 API calls 24519->24520 24521 429568 GetCommandLineA 24520->24521 24522 42cfbb 13 API calls 24521->24522 24523 429578 24522->24523 24524 42cd6e 2 API calls 24523->24524 24525 429582 24524->24525 24526 42ccb5 5 API calls 24525->24526 24527 429587 24526->24527 24528 42958c GetStartupInfoA 24527->24528 24529 42959e 24528->24529 24530 4295b0 GetModuleHandleA 24529->24530 24531 401443 24530->24531

                    Executed Functions

                    Function 0041E7B0 Relevance: 1.5, APIs: 1, Instructions: 12encryptionCOMMON
                    Download Yara Rule
                    APIs
                    • CryptAcquireContextA.ADVAPI32(?,?,?,004730C0,00000000,0041E7F1,?,00000000,Microsoft Base Cryptographic Provider v1.0,00000001,F0000000,?,00427659,00000004,?,00000000), ref: 0041E7C9
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: AcquireContextCrypt
                    • String ID:
                    • API String ID: 3951991833-0
                    • Opcode ID: 7427becb4b003a3235c2e65e207fed10ceec9d33bc91e40d32ef770f8bc63b55
                    • Instruction ID: e145ccc705712d62992d560599be83a3039ff32a6d00b94294bebdbd721a00c3
                    • Opcode Fuzzy Hash: 7427becb4b003a3235c2e65e207fed10ceec9d33bc91e40d32ef770f8bc63b55
                    • Instruction Fuzzy Hash: F7D0EAB9218341BF9A08CF58D994D2BB3E9FBC8751F10C90CB5A983254C630EC04CB36
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00430B40 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                    Download Yara Rule
                    APIs
                    • SetUnhandledExceptionFilter.KERNELBASE(Function_00030AFA), ref: 00430B45
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: ExceptionFilterUnhandled
                    • String ID:
                    • API String ID: 3192549508-0
                    • Opcode ID: 1de97cff35d6cef672c5c7499e2f4fe26b02148801d551b3efa01f631ec1dc1c
                    • Instruction ID: e50769993c1458048a5a4307485e23acf3cf39a26700e626328b481476cfd6e3
                    • Opcode Fuzzy Hash: 1de97cff35d6cef672c5c7499e2f4fe26b02148801d551b3efa01f631ec1dc1c
                    • Instruction Fuzzy Hash: A1A022F00803808F83002F20FC083083B30B228F03B2000FAE003C02BACFB002C8AA0C
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00401C2B Relevance: 21.1, APIs: 3, Strings: 9, Instructions: 145COMMON
                    Download Yara Rule

                    Control-flow Graph

                    C-Code - Quality: 63%
                    			E00401C2B(long __ebx) {
				void* _t23;
				intOrPtr _t24;
				signed int _t26;
				void* _t29;
				intOrPtr _t30;
				char _t31;
				void* _t32;
				intOrPtr _t38;
				void* _t46;
				long _t58;
				void* _t82;
				struct HWND__* _t83;
				void* _t86;
				void* _t89;
				void* _t91;
				void* _t96;
				void* _t97;

				_t58 = __ebx;
				_push( *((intOrPtr*)(_t89 + 0x10)));
				L00401606(__ebx, _t82, _t83, _t86, _t96);
				_t97 =  *0x4726e0 - _t58; // 0x0
				if(_t97 != 0) {
					E00408BB0(_t89 - 0x94, _t97);
					_push(_t89 - 0x94);
					 *(_t89 - 4) = __ebx;
					E00404871(0x472498, "VersionCreatedBy");
					_t46 = E00408CF0(_t89 - 0x94, _t82);
					_t98 = _t46;
					if(_t46 == 0) {
						E00408E00(_t89 - 0x94, "prior to 14.3.0");
					}
					E00429235(_t58, _t82,  *0x4726e0, "Created by version %s\r\n", L004097D0(_t89 - 0x94, _t82));
					E00408D40(_t89 - 0x94, _t98);
					E00404899(0x472498, _t89 - 0x94);
					E00429235(_t58, _t82,  *0x4726e0, "%s\r\n", "Feb  3 2011");
					E00429235(_t58, _t82,  *0x4726e0, "%s\r\n", L004097D0(_t89 - 0x94, _t82));
					E00401558(_t58, _t89 - 0x94, _t82, 2);
					 *(_t89 - 4) =  *(_t89 - 4) | 0xffffffff;
					_t91 = _t91 + 0x28;
					E00408C80(_t89 - 0x94);
					_t83 =  *(_t89 + 8);
				}
				_t23 = E00404A68(0x472498);
				_t100 = _t23;
				if(_t23 != 0 || E004048ED(0x472498, _t100) == 0) {
					_t24 =  *0x4726e0; // 0x0
					__eflags = _t24 - _t58;
					if(_t24 != _t58) {
						_push("Showing main dialog...\r\n");
						_push(_t24);
						E00429235(_t58, _t82);
					}
					DialogBoxParamW( *0x472494, 0x81, _t83, E004034B6, _t58);
					_t26 = 1;
				} else {
					_t29 = E00404A5A(0x472498);
					_t30 =  *0x4726e0; // 0x0
					if(_t29 == 0) {
						__eflags = _t30 - _t58;
						if(__eflags != 0) {
							_push("Automatically unzipping...\r\n");
							_push(_t30);
							E00429235(_t58, _t82);
						}
						_push(_t83); // executed
						_t31 = E004026A3(_t82, __eflags); // executed
						 *((char*)(_t89 + 0xb)) = _t31;
						_t32 = E00404A38(0x472498);
						__eflags = _t32;
						if(_t32 != 0) {
							DialogBoxParamW( *0x472494, 0x8b, _t83, 0x403ab6, _t58);
						}
						 *( *(_t89 + 0x14)) = 1;
						__eflags =  *((intOrPtr*)(_t89 + 0xb)) - _t58;
						_t26 = 0 |  *((intOrPtr*)(_t89 + 0xb)) != _t58;
					} else {
						if(_t30 != _t58) {
							_push("Showing progress dialog...\r\n");
							_push(_t30);
							E00429235(_t58, _t82);
							E00401558(_t58, 0x472498, _t82, 3);
							_t91 = _t91 + 0xc;
						}
						DialogBoxParamW( *0x472494, 0x8c, _t83, 0x403f3e, _t58);
						_t38 =  *0x4726e0; // 0x0
						if(_t38 != _t58) {
							_push("Created progress dialog...\r\n");
							_push(_t38);
							E00429235(_t58, _t82);
							E00401558(_t58, 0x472498, _t82, 4);
						}
						_t26 = 1;
						 *( *(_t89 + 0x14)) = _t26;
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t89 - 0xc));
				return _t26;
			}




















                    0x00401c2b
                    0x00401c2b
                    0x00401c2e
                    0x00401c33
                    0x00401c40
                    0x00401c4c
                    0x00401c59
                    0x00401c5f
                    0x00401c62
                    0x00401c6d
                    0x00401c72
                    0x00401c74
                    0x00401c81
                    0x00401c81
                    0x00401c9d
                    0x00401cab
                    0x00401cb9
                    0x00401ccf
                    0x00401cea
                    0x00401cf1
                    0x00401cf6
                    0x00401cfa
                    0x00401d03
                    0x00401d08
                    0x00401d08
                    0x00401d0d
                    0x00401d12
                    0x00401d14
                    0x00401de0
                    0x00401de5
                    0x00401de7
                    0x00401de9
                    0x00401dee
                    0x00401def
                    0x00401df5
                    0x00401e08
                    0x00401e10
                    0x00401d29
                    0x00401d2b
                    0x00401d32
                    0x00401d37
                    0x00401d92
                    0x00401d94
                    0x00401d96
                    0x00401d9b
                    0x00401d9c
                    0x00401da2
                    0x00401da3
                    0x00401da4
                    0x00401daa
                    0x00401daf
                    0x00401db4
                    0x00401db6
                    0x00401dca
                    0x00401dca
                    0x00401dd3
                    0x00401dd8
                    0x00401ddb
                    0x00401d39
                    0x00401d3b
                    0x00401d3d
                    0x00401d42
                    0x00401d43
                    0x00401d4a
                    0x00401d4f
                    0x00401d4f
                    0x00401d64
                    0x00401d6a
                    0x00401d71
                    0x00401d73
                    0x00401d78
                    0x00401d79
                    0x00401d80
                    0x00401d85
                    0x00401d8d
                    0x00401d8e
                    0x00401d8e
                    0x00401d37
                    0x00401e17
                    0x00401e1f

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: DialogParam
                    • String ID: %s$Automatically unzipping...$Created by version %s$Created progress dialog...$Feb 3 2011$Showing main dialog...$Showing progress dialog...$VersionCreatedBy$prior to 14.3.0
                    • API String ID: 665744214-121228781
                    • Opcode ID: f9818409be4c2a5ddaac504b6b6f0a75019346c7c23fa91c3a758a9905e59f1f
                    • Instruction ID: 34e6d554274bee6b936b7b99d818261e8629579d0ea9ee6ef811ec80b7712a42
                    • Opcode Fuzzy Hash: f9818409be4c2a5ddaac504b6b6f0a75019346c7c23fa91c3a758a9905e59f1f
                    • Instruction Fuzzy Hash: CA41D371A00204AADB10BF21ED83FAE3729AB40744F1404BFF90DB65E3DA7C5E458A2D
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00401483 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 73windowCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 70 401483-401488 71 4014a8-4014b2 70->71 72 40148a-401491 70->72 75 4014c3-4014c5 71->75 76 4014b4-4014b6 71->76 73 4014a0-4014a3 72->73 74 401493-40149f call 429235 72->74 78 401551-401555 73->78 74->73 81 4014c7-4014d9 call 429235 call 401558 75->81 82 4014dc-4014e8 75->82 79 40154c 76->79 80 4014bc-4014c1 76->80 79->78 85 40151a-401546 call 429235 * 2 call 4291df 80->85 81->82 83 4014e9-4014ed GetMessageA 82->83 87 40150c-401513 83->87 88 4014ef-40150a TranslateMessage DispatchMessageA 83->88 85->79 87->79 91 401515 87->91 88->83 91->85
                    APIs
                    Strings
                    • InitInstance failed., xrefs: 00401493
                    • Return from WinMain without entering message loop..., xrefs: 004014BC
                    • Initialization finished., xrefs: 004014C7
                    • Closing log from WinMain., xrefs: 00401515
                    • exitCode = %d, xrefs: 00401528
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: Message$DispatchTranslate
                    • String ID: Closing log from WinMain.$InitInstance failed.$Initialization finished.$Return from WinMain without entering message loop...$exitCode = %d
                    • API String ID: 1706434739-3765791386
                    • Opcode ID: 9f822511066e889a934f93468112cac023522f2b5a6fc87ffa3289ca129d35bf
                    • Instruction ID: 2db659d28f4b56b0ffed103530e0501a1cade9dd92252d45a31a54cdc83314c9
                    • Opcode Fuzzy Hash: 9f822511066e889a934f93468112cac023522f2b5a6fc87ffa3289ca129d35bf
                    • Instruction Fuzzy Hash: 6D11A2B2A00205BEDB00AFE5ACC5E6B376CE744348B544437F50AF61B2E6BCDD448A2C
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00403C4F Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 46windowCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 99 403c4f-403c74 LoadStringA 100 403cd1-403cd3 PostQuitMessage 99->100 101 403c76-403c79 99->101 104 403cd9 100->104 102 403cb5-403ccf BeginPaint EndPaint 101->102 103 403c7b-403c80 101->103 102->104 105 403c82-403c88 103->105 106 403c96-403c9b 103->106 107 403cdb-403cdc 104->107 108 403c8b-403c94 DefWindowProcA 105->108 109 403caa-403cb3 DestroyWindow 106->109 110 403c9d-403ca8 106->110 108->107 109->104 110->108
                    C-Code - Quality: 43%
                    			E00403C4F(struct HWND__* _a4, intOrPtr _a8, short _a12, intOrPtr _a16) {
				struct tagPAINTSTRUCT _v68;
				char _v168;
				intOrPtr _t19;
				void* _t21;
				long _t28;

				LoadStringA( *0x472494, 0x6a,  &_v168, 0x64);
				_t19 = _a8;
				if(_t19 == 0) {
					PostQuitMessage(0);
					L10:
					return 0;
				}
				_t21 = _t19 - 0xd;
				if(_t21 == 0) {
					BeginPaint(_a4,  &_v68);
					EndPaint(_a4,  &_v68);
					goto L10;
				}
				if(_t21 == 0x102) {
					if(_a12 == 0x69) {
						DestroyWindow(_a4);
						goto L10;
					}
					_push(_a16);
					_push(_a12);
					_push(0x111);
					L4:
					_t28 = DefWindowProcA(_a4, ??, ??, ??); // executed
					return _t28;
				}
				_push(_a16);
				_push(_a12);
				_push(_a8);
				goto L4;
			}








                    0x00403c69
                    0x00403c73
                    0x00403c74
                    0x00403cd3
                    0x00403cd9
                    0x00000000
                    0x00403cd9
                    0x00403c76
                    0x00403c79
                    0x00403cbc
                    0x00403cc9
                    0x00000000
                    0x00403cc9
                    0x00403c80
                    0x00403c9b
                    0x00403cad
                    0x00000000
                    0x00403cad
                    0x00403c9d
                    0x00403ca0
                    0x00403ca3
                    0x00403c8b
                    0x00403c8e
                    0x00000000
                    0x00403c8e
                    0x00403c82
                    0x00403c85
                    0x00403c88
                    0x00000000

                    APIs
                    • LoadStringA.USER32 ref: 00403C69
                    • DefWindowProcA.USER32(?,00000111,00000069,?), ref: 00403C8E
                    • DestroyWindow.USER32(?), ref: 00403CAD
                    • BeginPaint.USER32(?,?), ref: 00403CBC
                    • EndPaint.USER32(?,?), ref: 00403CC9
                    • PostQuitMessage.USER32(00000000), ref: 00403CD3
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: PaintWindow$BeginDestroyLoadMessagePostProcQuitString
                    • String ID: i
                    • API String ID: 1888415872-3865851505
                    • Opcode ID: 6049d90eeac3ba37ca2fc134ac99075173c2cddd2e5f2ab6f8362f8c67bc8e3d
                    • Instruction ID: 2c96e473b937b837e8ed1b125959427b6bf04bb802de05d623645547c5d76d55
                    • Opcode Fuzzy Hash: 6049d90eeac3ba37ca2fc134ac99075173c2cddd2e5f2ab6f8362f8c67bc8e3d
                    • Instruction Fuzzy Hash: 91011B36208609FBEF119F50DD09AA93F39FB08302F044031FA16F40B1C775DA61AB59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0041F970 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 92COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 111 41f970-41f97c 112 41f982-41f9c7 call 41f4c0 SetFilePointer 111->112 113 41fa0c-41fa11 111->113 120 41fa27-41fa2f 112->120 121 41f9c9-41f9cf 112->121 114 41fa13-41fa25 call 42a3a2 113->114 115 41fa58-41fa60 113->115 114->120 123 41fa32-41fa38 114->123 121->115 122 41f9d5-41fa09 GetLastError call 425480 121->122 123->115 124 41fa3a-41fa53 123->124 124->115
                    C-Code - Quality: 100%
                    			E0041F970(void* __ecx, void* __ebp, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				long _v4;
				long _v8;
				long _t29;
				long _t30;
				intOrPtr _t36;
				intOrPtr _t49;
				intOrPtr _t50;
				void* _t51;
				intOrPtr* _t53;
				intOrPtr* _t54;

				_t51 = __ecx;
				if( *((intOrPtr*)(__ecx + 4)) == 0xffffffff) {
					_t52 =  *((intOrPtr*)(__ecx + 8));
					if( *((intOrPtr*)(__ecx + 8)) == 0) {
						goto L9;
					} else {
						_t49 = _a4;
						if(E0042A3A2(_t52, _t49, 1) != 0) {
							_t53 = _a12;
							if(_t53 != 0) {
								 *((intOrPtr*)( *_t53 + 0x10))("Failed to fseek to relative file position");
								 *((intOrPtr*)( *_t53 + 0x30))("position", _t49, _a4);
							}
							goto L9;
						} else {
							goto L6;
						}
					}
				} else {
					_t50 = _a8;
					_t36 = _a4;
					_v4 = 0;
					_v8 = 0;
					E0041F4C0(_t36, _t50,  &_v4,  &_v8);
					_t29 = SetFilePointer( *(_t51 + 4), _v4,  &_v8, 1); // executed
					if(_t29 != 0xffffffff) {
						L6:
						return 1;
					} else {
						_t54 = _a12;
						if(_t54 == 0) {
							L9:
							return 0;
						} else {
							_t30 = GetLastError();
							 *((intOrPtr*)( *_t54 + 0x10))("Failed to SetFilePointer to relative file position", __ebp);
							E00425480(_t54, _t30);
							 *((intOrPtr*)( *_t54 + 0x30))("position", _t36, _t50);
							return 0;
						}
					}
				}
			}













                    0x0041f975
                    0x0041f97c
                    0x0041fa0c
                    0x0041fa11
                    0x00000000
                    0x0041fa13
                    0x0041fa13
                    0x0041fa25
                    0x0041fa32
                    0x0041fa38
                    0x0041fa43
                    0x0041fa55
                    0x0041fa55
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0041fa25
                    0x0041f982
                    0x0041f982
                    0x0041f986
                    0x0041f996
                    0x0041f99e
                    0x0041f9a6
                    0x0041f9be
                    0x0041f9c7
                    0x0041fa29
                    0x0041fa2f
                    0x0041f9c9
                    0x0041f9c9
                    0x0041f9cf
                    0x0041fa5a
                    0x0041fa60
                    0x0041f9d5
                    0x0041f9d6
                    0x0041f9e7
                    0x0041f9ed
                    0x0041f9fd
                    0x0041fa09
                    0x0041fa09
                    0x0041f9cf
                    0x0041f9c7

                    APIs
                    • SetFilePointer.KERNELBASE(000000FF,00000000,?,00000001,?,?), ref: 0041F9BE
                    • GetLastError.KERNEL32 ref: 0041F9D6
                    Strings
                    • Failed to fseek to relative file position, xrefs: 0041FA3C
                    • Failed to SetFilePointer to relative file position, xrefs: 0041F9DE
                    • position, xrefs: 0041F9F6, 0041FA4E
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: ErrorFileLastPointer
                    • String ID: Failed to SetFilePointer to relative file position$Failed to fseek to relative file position$position
                    • API String ID: 2976181284-2424401078
                    • Opcode ID: 24f887470a5f5701cf408859558565b95f33cb34557fc3202648c70d7074f9fc
                    • Instruction ID: 44eae5dc3700958553759d1b5d69d600dbb8eb23244479269a9682d2a1c42288
                    • Opcode Fuzzy Hash: 24f887470a5f5701cf408859558565b95f33cb34557fc3202648c70d7074f9fc
                    • Instruction Fuzzy Hash: 4F21BF316003109BC614DF05D845EABB3A8FFC4B25F144A1EFC9857281D779AD8A8BE5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0041FB50 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129fileCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 130 41fb50-41fb77 call 41f630 133 41fb92-41fb9c 130->133 134 41fb79-41fb7f 130->134 137 41fbab-41fbb7 133->137 138 41fb9e-41fba4 133->138 135 41fb81-41fb83 134->135 136 41fb8b-41fb8d 134->136 135->136 139 41fc66-41fc78 136->139 140 41fc64 137->140 141 41fbbd 137->141 138->137 140->139 142 41fbc1-41fbc7 141->142 143 41fbc9 142->143 144 41fbda 142->144 146 41fbd3-41fbd8 143->146 147 41fbcb-41fbd1 143->147 145 41fbdc-41fbe6 144->145 148 41fbe8-41fc02 WriteFile 145->148 149 41fc0e-41fc13 145->149 146->145 147->144 147->146 150 41fc04-41fc0a 148->150 151 41fc7b-41fc81 148->151 152 41fc31-41fc46 149->152 153 41fc15-41fc25 call 42a681 149->153 150->151 154 41fc0c 150->154 158 41fc83-41fcbf call 406110 call 406d00 call 446f00 call 406400 151->158 159 41fcc4-41fcc6 151->159 156 41fc56-41fc5e 152->156 157 41fc48-41fc53 152->157 163 41fcc8-41fcce 153->163 164 41fc2b-41fc2d 153->164 154->152 156->140 156->142 157->156 158->159 159->139 166 41fcd0-41fcd2 163->166 167 41fcda-41fcdc 163->167 164->152 166->167 167->139
                    C-Code - Quality: 93%
                    			E0041FB50(intOrPtr __ecx, void* __eflags, void* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				struct _OVERLAPPED* _v4;
				intOrPtr _v12;
				char _v52;
				intOrPtr _v56;
				long _v60;
				void* _t37;
				void* _t39;
				signed int _t40;
				void* _t44;
				signed int _t46;
				void* _t55;
				intOrPtr _t61;
				signed int _t64;
				signed int _t70;
				long _t71;
				signed int _t75;
				long _t80;
				signed int _t82;
				signed int _t84;
				signed int _t86;
				intOrPtr _t88;
				void* _t89;

				_push(0xffffffff);
				_push(0x44f7e8);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t88;
				_t89 = _t88 - 0x30;
				_v56 = __ecx;
				if(L0041F630(__ecx) != 0) {
					_t75 = _a16;
					_t55 = _a4;
					__eflags = _t75;
					if(_t75 != 0) {
						 *_t75 = 0;
						 *(_t75 + 4) = 0;
					}
					_t86 = _a8;
					__eflags = _t86 | _a12;
					if((_t86 | _a12) == 0) {
						L23:
						_t37 = 1;
						goto L24;
					} else {
						_t71 = _v60;
						do {
							__eflags = _a12;
							if(__eflags < 0) {
								L12:
								_t80 = _t86;
								L13:
								_t61 = _v56;
								_t39 =  *(_t61 + 4);
								__eflags = _t39 - 0xffffffff;
								if(_t39 == 0xffffffff) {
									_t40 =  *(_t61 + 8);
									__eflags = _t40;
									if(_t40 == 0) {
										goto L20;
									}
									_t44 = E0042A681(_t55, _t80, 1, _t40);
									_t89 = _t89 + 0x10;
									__eflags = _t44 - 1;
									if(_t44 != 1) {
										_t64 = _a20;
										__eflags = _t64;
										if(_t64 != 0) {
											 *((intOrPtr*)( *_t64 + 0x10))("fwrite failed.");
										}
										_t37 = 0;
										L24:
										 *[fs:0x0] = _v12;
										return _t37;
									}
									_t71 = _t80;
									_v60 = _t71;
									goto L20;
								}
								_v60 = 0;
								_t46 = WriteFile(_t39, _t55, _t80,  &_v60, 0); // executed
								__eflags = _t46;
								if(_t46 == 0) {
									L25:
									_t82 = _a20;
									__eflags = _t82;
									if(__eflags != 0) {
										E00406110( &_v52, __eflags);
										_v4 = 0;
										E00406D00( &_v52);
										 *((intOrPtr*)( *_t82 + 0x28))("WriteFileError", E00446F00( &_v52));
										_v12 = 0xffffffff;
										E00406400( &_v60);
									}
									_t37 = 0;
									goto L24;
								}
								_t71 = _v60;
								__eflags = _t71 - _t80;
								if(_t71 != _t80) {
									goto L25;
								}
								goto L20;
							}
							if(__eflags > 0) {
								L11:
								_t80 = 0x989680;
								goto L13;
							}
							__eflags = _t86 - 0x989680;
							if(_t86 <= 0x989680) {
								goto L12;
							}
							goto L11;
							L20:
							_t55 = _t55 + _t80;
							_t86 = _t86 - _t80;
							asm("sbb esi, eax");
							__eflags = _t75;
							if(_t75 != 0) {
								_t84 =  *_t75 + _t71;
								__eflags = _t84;
								 *_t75 = _t84;
								asm("adc ecx, eax");
							}
							__eflags = _t86 | _a12;
						} while ((_t86 | _a12) != 0);
						goto L23;
					}
				}
				_t70 = _a20;
				if(_t70 != 0) {
					 *((intOrPtr*)( *_t70 + 0x10))("Failed to write because file is not open.");
				}
				_t37 = 0;
				goto L24;
			}

























                    0x0041fb50
                    0x0041fb52
                    0x0041fb5d
                    0x0041fb5e
                    0x0041fb65
                    0x0041fb6c
                    0x0041fb77
                    0x0041fb92
                    0x0041fb96
                    0x0041fb9a
                    0x0041fb9c
                    0x0041fb9e
                    0x0041fba4
                    0x0041fba4
                    0x0041fbab
                    0x0041fbb5
                    0x0041fbb7
                    0x0041fc64
                    0x0041fc64
                    0x00000000
                    0x0041fbbd
                    0x0041fbbd
                    0x0041fbc1
                    0x0041fbc5
                    0x0041fbc7
                    0x0041fbda
                    0x0041fbda
                    0x0041fbdc
                    0x0041fbdc
                    0x0041fbe0
                    0x0041fbe3
                    0x0041fbe6
                    0x0041fc0e
                    0x0041fc11
                    0x0041fc13
                    0x00000000
                    0x00000000
                    0x0041fc1a
                    0x0041fc1f
                    0x0041fc22
                    0x0041fc25
                    0x0041fcc8
                    0x0041fccc
                    0x0041fcce
                    0x0041fcd7
                    0x0041fcd7
                    0x0041fcda
                    0x0041fc66
                    0x0041fc6e
                    0x0041fc78
                    0x0041fc78
                    0x0041fc2b
                    0x0041fc2d
                    0x00000000
                    0x0041fc2d
                    0x0041fbf2
                    0x0041fbfa
                    0x0041fc00
                    0x0041fc02
                    0x0041fc7b
                    0x0041fc7b
                    0x0041fc7f
                    0x0041fc81
                    0x0041fc87
                    0x0041fc90
                    0x0041fc98
                    0x0041fcb0
                    0x0041fcb7
                    0x0041fcbf
                    0x0041fcbf
                    0x0041fcc4
                    0x00000000
                    0x0041fcc4
                    0x0041fc04
                    0x0041fc08
                    0x0041fc0a
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0041fc0c
                    0x0041fbc9
                    0x0041fbd3
                    0x0041fbd3
                    0x00000000
                    0x0041fbd3
                    0x0041fbcb
                    0x0041fbd1
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0041fc31
                    0x0041fc31
                    0x0041fc33
                    0x0041fc3e
                    0x0041fc40
                    0x0041fc46
                    0x0041fc4a
                    0x0041fc4a
                    0x0041fc4c
                    0x0041fc51
                    0x0041fc53
                    0x0041fc5c
                    0x0041fc5c
                    0x00000000
                    0x0041fbc1
                    0x0041fbb7
                    0x0041fb79
                    0x0041fb7f
                    0x0041fb88
                    0x0041fb88
                    0x0041fb8b
                    0x00000000

                    APIs
                    Strings
                    • Failed to write because file is not open., xrefs: 0041FB83
                    • WriteFileError, xrefs: 0041FCA9
                    • fwrite failed., xrefs: 0041FCD2
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: FileWrite
                    • String ID: Failed to write because file is not open.$WriteFileError$fwrite failed.
                    • API String ID: 3934441357-2761067632
                    • Opcode ID: 61922df888d393e752f2e9f68cff17bfdada62090b16e577f87f5f332b87e4bb
                    • Instruction ID: b3fc36e7036f417cf43202168d6d3816e601762ec8311533cac2285af27f6f02
                    • Opcode Fuzzy Hash: 61922df888d393e752f2e9f68cff17bfdada62090b16e577f87f5f332b87e4bb
                    • Instruction Fuzzy Hash: E641AD706083059BC714CF14C880BABB7A4FF84754F14492EF85697391E779EC8ADB9A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004294F4 Relevance: 6.1, APIs: 4, Instructions: 57COMMON
                    Download Yara Rule

                    Control-flow Graph

                    C-Code - Quality: 82%
                    			_entry_(void* __ebx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				unsigned int _t15;
				signed int _t26;
				intOrPtr _t28;
				signed int _t35;
				unsigned int _t45;
				intOrPtr _t51;

				_push(0xffffffff);
				_push(0x455138);
				_push(E0042D474);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t51;
				_push(__esi);
				_v28 = _t51 - 0x58;
				_t15 = GetVersion();
				_t45 = _t15;
				 *0x4738e0 = 0;
				_t35 = _t15 & 0x000000ff;
				 *0x4738dc = _t35;
				 *0x4738d8 = _t35 << 8;
				 *0x4738d4 = _t15 >> 0x10;
				if(E0042D40D(_t35 << 8, 0) == 0) {
					L0042960F(0x1c);
				}
				_v8 = 0;
				E0042D0ED();
				 *0x476884 = GetCommandLineA();
				 *0x473914 = E0042CFBB();
				E0042CD6E();
				E0042CCB5();
				E0042933D();
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				_v104 = E0042CC5D();
				_t54 = _v96.dwFlags & 0x00000001;
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t26 = 0xa;
				} else {
					_t26 = _v96.wShowWindow & 0x0000ffff;
				}
				_t28 = L00401443(_t45, _t54, GetModuleHandleA(0), 0, _v104, _t26); // executed
				_v100 = _t28;
				E0042936A(_t28);
				_v108 =  *((intOrPtr*)( *_v24));
				return E0042CAD9(0, _t54,  *((intOrPtr*)( *_v24)), _v24);
			}
















                    0x004294f7
                    0x004294f9
                    0x004294fe
                    0x00429509
                    0x0042950a
                    0x00429515
                    0x00429517
                    0x0042951a
                    0x00429522
                    0x00429524
                    0x0042952c
                    0x00429532
                    0x0042953d
                    0x00429546
                    0x00429556
                    0x0042955a
                    0x0042955f
                    0x00429560
                    0x00429563
                    0x0042956e
                    0x00429578
                    0x0042957d
                    0x00429582
                    0x00429587
                    0x0042958c
                    0x00429593
                    0x0042959e
                    0x004295a1
                    0x004295a5
                    0x004295af
                    0x004295a7
                    0x004295a7
                    0x004295a7
                    0x004295bd
                    0x004295c2
                    0x004295c6
                    0x004295d2
                    0x004295de

                    APIs
                    • GetVersion.KERNEL32 ref: 0042951A
                      • Part of subcall function 0042D40D: HeapCreate.KERNELBASE(00000000,00001000,00000000,00429553,00000000), ref: 0042D41E
                      • Part of subcall function 0042D40D: HeapDestroy.KERNEL32 ref: 0042D45D
                    • GetCommandLineA.KERNEL32 ref: 00429568
                    • GetStartupInfoA.KERNEL32(?), ref: 00429593
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: Heap$CommandCreateDestroyInfoLineStartupVersion
                    • String ID:
                    • API String ID: 2693947845-0
                    • Opcode ID: ef37b97b51acc2742eaec5588bdbaa3bcd4dbb669a7c22471ee045423c28e1f8
                    • Instruction ID: c8c0f22dbf60b6b19cb04bf2d2d6dd164f4e989b1cb381be941fec08946ff1e8
                    • Opcode Fuzzy Hash: ef37b97b51acc2742eaec5588bdbaa3bcd4dbb669a7c22471ee045423c28e1f8
                    • Instruction Fuzzy Hash: 6011B6B1E01B64ABC704BFB6EC45B5EBBA8EF08745F40013EF50896261DB384540CB99
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0040B350 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 102COMMON
                    Download Yara Rule

                    Control-flow Graph

                    C-Code - Quality: 92%
                    			E0040B350(void* __edx, void* __eflags) {
				int _t43;
				int _t54;
				void* _t80;
				intOrPtr* _t84;
				int _t86;
				void* _t88;
				intOrPtr _t91;
				void* _t92;
				int _t98;

				_t94 = __eflags;
				_t80 = __edx;
				_push(0xffffffff);
				_push(0x44df6c);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t91;
				_t92 = _t91 - 0x1d0;
				E00408BB0(_t92 + 0x34, __eflags);
				 *(_t92 + 0x1e8) = 0;
				L00409A00(_t92 + 0x34, _t88,  *((intOrPtr*)(_t92 + 0x1ec)));
				L00409D00(_t92 + 0x3c, _t88, _t94, 0x2f, 0x5c);
				E004252D0(_t92 + 0x144);
				 *((char*)(_t92 + 0x1e4)) = 1;
				if(E00425320(_t92 + 0x144) == 0) {
					__eflags = E00408CF0(_t92 + 0x34, _t80);
					if(__eflags <= 0) {
						_t43 = CreateDirectoryW(L00409020(_t92 + 0x38), 0);
						goto L5;
					} else {
						E00408BB0(_t92 + 0xbc, __eflags);
						 *((char*)(_t92 + 0x1ec)) = 2;
						E0040A2C0(_t92 + 0x34, _t88, __eflags, _t92 + 0x34, _t92 + 0xbc);
						_t92 = _t92 + 8;
						_t54 = CreateDirectoryW(L00409020(_t92 + 0xbc), 0); // executed
						_t86 = _t54;
						 *((char*)(_t92 + 0x1e4)) = 1;
						_t43 = E00408C80(_t92 + 0xbc);
					}
				} else {
					_t43 = E0040CA00(E004093B0(_t92 + 0x38), 0);
					_t92 = _t92 + 8;
					L5:
					_t86 = _t43;
				}
				if(_t86 == 0) {
					_t84 =  *((intOrPtr*)(_t92 + 0x1f0));
					_t97 = _t84;
					if(_t84 != 0) {
						E00406110(_t92 + 0x10, _t97);
						 *(_t92 + 0x1e8) = 3;
						E00406D00(_t92 + 0x10);
						 *((intOrPtr*)( *_t84 + 0x28))("errorMsg", E00446F00(_t92 + 0x10), _t88);
						 *(_t92 + 0x1e8) = 1;
						_t43 = E00406400(_t92 + 0x10);
					}
					_t98 = _t86;
				}
				 *((char*)(_t92 + 0x1e4)) = 0;
				E00425310(_t43, _t92 + 0x144);
				 *((intOrPtr*)(_t92 + 0x1e4)) = 0xffffffff;
				E00408C80(_t92 + 0x34);
				 *[fs:0x0] =  *((intOrPtr*)(_t92 + 0x1dc));
				return 0 | _t98 != 0x00000000;
			}












                    0x0040b350
                    0x0040b350
                    0x0040b350
                    0x0040b352
                    0x0040b35d
                    0x0040b35e
                    0x0040b365
                    0x0040b372
                    0x0040b383
                    0x0040b38e
                    0x0040b39b
                    0x0040b3a7
                    0x0040b3b5
                    0x0040b3c3
                    0x0040b3e4
                    0x0040b3e6
                    0x0040b449
                    0x00000000
                    0x0040b3e8
                    0x0040b3ef
                    0x0040b401
                    0x0040b409
                    0x0040b40e
                    0x0040b420
                    0x0040b42d
                    0x0040b42f
                    0x0040b436
                    0x0040b436
                    0x0040b3c5
                    0x0040b3d1
                    0x0040b3d6
                    0x0040b44f
                    0x0040b44f
                    0x0040b44f
                    0x0040b453
                    0x0040b455
                    0x0040b45c
                    0x0040b45e
                    0x0040b465
                    0x0040b46e
                    0x0040b476
                    0x0040b48e
                    0x0040b495
                    0x0040b49c
                    0x0040b4a1
                    0x0040b4a2
                    0x0040b4a2
                    0x0040b4ab
                    0x0040b4b6
                    0x0040b4bf
                    0x0040b4ca
                    0x0040b4db
                    0x0040b4e8

                    APIs
                      • Part of subcall function 004252D0: GetVersionExA.KERNEL32(?,775FB060,0040A1F4), ref: 004252E3
                    • CreateDirectoryW.KERNELBASE(00000000,00000000,?,00000000), ref: 0040B420
                      • Part of subcall function 004093B0: GetACP.KERNEL32(00000000,00000000,?), ref: 00409423
                      • Part of subcall function 0040CA00: CreateDirectoryA.KERNEL32(00000000,?,0040B3D6,00000000,00000000,0000002F,0000005C), ref: 0040CA0A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: CreateDirectory$Version
                    • String ID: errorMsg
                    • API String ID: 4156771296-3051771048
                    • Opcode ID: 9c8da1377be17eccb9ac13d6deec35a4c45ff69abc6f492846ab3e40a2e3c874
                    • Instruction ID: bf4c1a77bd147a6abfbe0b2392a52493bb1a7e43c34aeb27406d4ef3520a55b6
                    • Opcode Fuzzy Hash: 9c8da1377be17eccb9ac13d6deec35a4c45ff69abc6f492846ab3e40a2e3c874
                    • Instruction Fuzzy Hash: 4841A6310083C19BD234EB11D951BEFB7A4AF94704F40092EB88A632D2EF7C5A09C76B
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0041FA70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96fileCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 242 41fa70-41fa8e 243 41fb32-41fb38 242->243 244 41fa94-41fa9a 242->244 246 41fb44-41fb4a 243->246 247 41fb3a-41fb3c 243->247 244->243 245 41faa0-41faa6 244->245 248 41faf9-41fafe 245->248 249 41faa8-41fab6 ReadFile 245->249 247->246 248->246 250 41fb00-41fb11 call 42a599 248->250 251 41fae7-41faea 249->251 252 41fab8-41fac1 GetLastError 249->252 260 41fb13-41fb19 250->260 261 41fb1c-41fb23 250->261 253 41faf0-41faf6 251->253 254 41faec 251->254 256 41fad0-41fad6 252->256 257 41fac3-41facd 252->257 254->253 256->246 259 41fad8-41fae4 call 425480 256->259 261->246 263 41fb25-41fb2f 261->263
                    C-Code - Quality: 100%
                    			E0041FA70(void* __ecx, void* __edx, void* _a4, long _a8, DWORD* _a12, char* _a16, intOrPtr* _a20) {
				void* _t16;
				long _t18;
				int _t22;
				intOrPtr* _t30;
				void* _t31;
				DWORD* _t35;
				long _t36;
				char* _t37;

				_t37 = _a16;
				_t36 = _a8;
				_t35 = _a12;
				 *_t37 = 0;
				 *_t35 = 0;
				if(_t36 == 0) {
					L16:
					_t30 = _a20;
					if(_t30 != 0) {
						 *((intOrPtr*)( *_t30 + 0x10))("NULL buf or bufSize");
					}
					goto L18;
				} else {
					_t31 = _a4;
					if(_t31 == 0) {
						goto L16;
					} else {
						_t16 =  *(__ecx + 4);
						if(_t16 == 0xffffffff) {
							_t17 =  *((intOrPtr*)(__ecx + 8));
							if( *((intOrPtr*)(__ecx + 8)) == 0) {
								goto L18;
							} else {
								_t18 = E0042A599(_t31, 1, _t36, _t17);
								 *_t35 = _t18;
								if(_t18 != _t36) {
									if(( *( *((intOrPtr*)(__ecx + 8)) + 0xc) & 0x00000020) != 0) {
										goto L18;
									} else {
										 *_t37 = 1;
										return 1;
									}
								} else {
									return 1;
								}
							}
						} else {
							_t22 = ReadFile(_t16, _t31, _t36, _t35, 0); // executed
							if(_t22 != 0) {
								if( *_t35 == 0) {
									 *_t37 = 1;
								}
								return 1;
							} else {
								if(GetLastError() != 0x26) {
									_t32 = _a20;
									if(_a20 == 0) {
										L18:
										return 0;
									} else {
										E00425480(_t32, _t24);
										return 0;
									}
								} else {
									 *_t37 = 1;
									return 1;
								}
							}
						}
					}
				}
			}











                    0x0041fa72
                    0x0041fa77
                    0x0041fa7c
                    0x0041fa80
                    0x0041fa88
                    0x0041fa8e
                    0x0041fb32
                    0x0041fb32
                    0x0041fb38
                    0x0041fb41
                    0x0041fb41
                    0x00000000
                    0x0041fa94
                    0x0041fa94
                    0x0041fa9a
                    0x00000000
                    0x0041faa0
                    0x0041faa0
                    0x0041faa6
                    0x0041faf9
                    0x0041fafe
                    0x00000000
                    0x0041fb00
                    0x0041fb05
                    0x0041fb0f
                    0x0041fb11
                    0x0041fb23
                    0x00000000
                    0x0041fb26
                    0x0041fb26
                    0x0041fb2f
                    0x0041fb2f
                    0x0041fb16
                    0x0041fb19
                    0x0041fb19
                    0x0041fb11
                    0x0041faa8
                    0x0041faae
                    0x0041fab6
                    0x0041faea
                    0x0041faec
                    0x0041faec
                    0x0041faf6
                    0x0041fab8
                    0x0041fac1
                    0x0041fad0
                    0x0041fad6
                    0x0041fb47
                    0x0041fb4a
                    0x0041fad8
                    0x0041fad9
                    0x0041fae4
                    0x0041fae4
                    0x0041fac4
                    0x0041fac4
                    0x0041facd
                    0x0041facd
                    0x0041fac1
                    0x0041fab6
                    0x0041faa6
                    0x0041fa9a

                    APIs
                    • ReadFile.KERNELBASE(?,?,?,?,00000000,00000000,?,00000000,?,0040D439), ref: 0041FAAE
                    • GetLastError.KERNEL32 ref: 0041FAB8
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: ErrorFileLastRead
                    • String ID: NULL buf or bufSize
                    • API String ID: 1948546556-288910216
                    • Opcode ID: bf88f109c66b7bfb8a64b20cb4ef814cb509c6534ca54ab58e1393dc58af17af
                    • Instruction ID: 541d21f382376f976bd24d4c707c6c7c20f8c65f7cee6269b3b62cb51b9b804e
                    • Opcode Fuzzy Hash: bf88f109c66b7bfb8a64b20cb4ef814cb509c6534ca54ab58e1393dc58af17af
                    • Instruction Fuzzy Hash: EA21B63230434597DB20CE59E484BD7F7889F91761F14812BF905CB252C379A8D6D774
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0040B4F0 Relevance: 4.6, APIs: 3, Instructions: 73COMMON
                    Download Yara Rule

                    Control-flow Graph

                    C-Code - Quality: 89%
                    			E0040B4F0(void* __edx, void* __ebp, void* __eflags, intOrPtr _a4) {
				char _v4;
				intOrPtr _v12;
				char _v16;
				char _v164;
				char _v176;
				char _v300;
				char _v436;
				char _v440;
				char _v448;
				int _t34;
				int _t41;
				void* _t61;
				int _t64;
				intOrPtr _t67;
				void* _t68;

				_t70 = __eflags;
				_t61 = __edx;
				_push(0xffffffff);
				_push(0x44dfa1);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t67;
				_t68 = _t67 - 0x1a8;
				E00408BB0( &_v436, __eflags);
				_v4 = 0;
				L00409A00( &_v436, __ebp, _a4);
				L00409D00( &_v440, __ebp, _t70, 0x2f, 0x5c);
				E004252D0( &_v176);
				_v16 = 1;
				if(E00425320( &_v176) == 0) {
					__eflags = E00408CF0( &_v448, _t61);
					if(__eflags <= 0) {
						_t34 = SetCurrentDirectoryW(L00409020( &_v436));
						goto L5;
					} else {
						E00408BB0( &_v300, __eflags);
						_v4 = 2;
						E0040A2C0( &_v436, __ebp, __eflags,  &_v436,  &_v300);
						_t68 = _t68 + 8;
						_t41 = SetCurrentDirectoryW(L00409020( &_v300)); // executed
						_t64 = _t41;
						_v4 = 1;
						_t34 = E00408C80( &_v300);
					}
				} else {
					_t34 = SetCurrentDirectoryA(E004093B0( &_v448));
					L5:
					_t64 = _t34;
				}
				_v4 = 0;
				E00425310(_t34,  &_v164);
				_v4 = 0xffffffff;
				E00408C80( &_v436);
				 *[fs:0x0] = _v12;
				return 0 | _t64 != 0x00000000;
			}


















                    0x0040b4f0
                    0x0040b4f0
                    0x0040b4f0
                    0x0040b4f2
                    0x0040b4fd
                    0x0040b4fe
                    0x0040b505
                    0x0040b511
                    0x0040b522
                    0x0040b52d
                    0x0040b53a
                    0x0040b546
                    0x0040b554
                    0x0040b566
                    0x0040b57b
                    0x0040b57d
                    0x0040b5dc
                    0x00000000
                    0x0040b57f
                    0x0040b586
                    0x0040b598
                    0x0040b5a0
                    0x0040b5a5
                    0x0040b5b5
                    0x0040b5c2
                    0x0040b5c4
                    0x0040b5cb
                    0x0040b5cb
                    0x0040b568
                    0x0040b56e
                    0x0040b5e2
                    0x0040b5e2
                    0x0040b5e2
                    0x0040b5ed
                    0x0040b5f8
                    0x0040b601
                    0x0040b60c
                    0x0040b61c
                    0x0040b629

                    APIs
                      • Part of subcall function 004252D0: GetVersionExA.KERNEL32(?,775FB060,0040A1F4), ref: 004252E3
                    • SetCurrentDirectoryW.KERNELBASE(00000000,00472498,00000000), ref: 0040B5B5
                      • Part of subcall function 004093B0: GetACP.KERNEL32(00000000,00000000,?), ref: 00409423
                    • SetCurrentDirectoryA.KERNEL32(00000000,0000002F,0000005C), ref: 0040B56E
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: CurrentDirectory$Version
                    • String ID:
                    • API String ID: 1970650077-0
                    • Opcode ID: 98de1f6892b88fa8b3908a5af09063eddc38286e6154c0b88000b568170ccf10
                    • Instruction ID: 5d4d800ebe764bdbbf8cd5396a3bc9cb87d5ce5a82994a6c7025dca60a71c4ef
                    • Opcode Fuzzy Hash: 98de1f6892b88fa8b3908a5af09063eddc38286e6154c0b88000b568170ccf10
                    • Instruction Fuzzy Hash: B121A570048781AED334EB21D852BEFB7A4AF94754F40092DF89A932D2DF385549CB6A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00429558 Relevance: 4.5, APIs: 3, Instructions: 42COMMON
                    Download Yara Rule

                    Control-flow Graph

                    C-Code - Quality: 100%
                    			E00429558(CHAR* __esi) {
				signed int _t22;
				intOrPtr _t24;
				void* _t33;
				CHAR* _t34;
				void* _t35;

				_t34 = __esi;
				L0042960F(0x1c);
				 *((intOrPtr*)(_t35 - 4)) = __esi;
				E0042D0ED();
				 *0x476884 = GetCommandLineA();
				 *0x473914 = E0042CFBB();
				E0042CD6E();
				E0042CCB5();
				E0042933D();
				 *(_t35 - 0x30) = __esi;
				GetStartupInfoA(_t35 - 0x5c);
				 *((intOrPtr*)(_t35 - 0x64)) = E0042CC5D();
				_t36 =  *(_t35 - 0x30) & 0x00000001;
				if(( *(_t35 - 0x30) & 0x00000001) == 0) {
					_t22 = 0xa;
				} else {
					_t22 =  *(_t35 - 0x2c) & 0x0000ffff;
				}
				_t24 = L00401443(_t33, _t36, GetModuleHandleA(_t34), _t34,  *((intOrPtr*)(_t35 - 0x64)), _t22); // executed
				 *((intOrPtr*)(_t35 - 0x60)) = _t24;
				E0042936A(_t24);
				_t26 =  *((intOrPtr*)(_t35 - 0x14));
				_t30 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t35 - 0x14))))));
				 *((intOrPtr*)(_t35 - 0x68)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t35 - 0x14))))));
				return E0042CAD9(_t34, _t36, _t30, _t26);
			}








                    0x00429558
                    0x0042955a
                    0x00429560
                    0x00429563
                    0x0042956e
                    0x00429578
                    0x0042957d
                    0x00429582
                    0x00429587
                    0x0042958c
                    0x00429593
                    0x0042959e
                    0x004295a1
                    0x004295a5
                    0x004295af
                    0x004295a7
                    0x004295a7
                    0x004295a7
                    0x004295bd
                    0x004295c2
                    0x004295c6
                    0x004295cb
                    0x004295d0
                    0x004295d2
                    0x004295de

                    APIs
                      • Part of subcall function 0042960F: ExitProcess.KERNEL32 ref: 0042962C
                      • Part of subcall function 0042D0ED: GetStartupInfoA.KERNEL32(?), ref: 0042D146
                      • Part of subcall function 0042D0ED: GetFileType.KERNEL32(00000800), ref: 0042D1EC
                    • GetCommandLineA.KERNEL32 ref: 00429568
                      • Part of subcall function 0042CFBB: GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00429578), ref: 0042CFD6
                      • Part of subcall function 0042CFBB: GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00429578), ref: 0042D016
                      • Part of subcall function 0042CFBB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00429578), ref: 0042D04E
                      • Part of subcall function 0042CFBB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00429578), ref: 0042D070
                      • Part of subcall function 0042CFBB: FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,00429578), ref: 0042D089
                      • Part of subcall function 0042CD6E: GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\AvigilonControlCenterPlayerStandAlone-6.10.0.24.exe,00000104,?,00000000,?,?,?,?,00429582), ref: 0042CD91
                    • GetStartupInfoA.KERNEL32(?), ref: 00429593
                    • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004295B6
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: EnvironmentStrings$ByteCharFileInfoModuleMultiStartupWide$CommandExitFreeHandleLineNameProcessType
                    • String ID:
                    • API String ID: 2836908105-0
                    • Opcode ID: b89a05d7b0b6f105bc863ddbe4bceb98bfb6676275cd07c2e082a6fb06ca83fb
                    • Instruction ID: c29ee6179f0a6f04bd2715552fb661f75638ea3822eb98af321dcb53cb0844f6
                    • Opcode Fuzzy Hash: b89a05d7b0b6f105bc863ddbe4bceb98bfb6676275cd07c2e082a6fb06ca83fb
                    • Instruction Fuzzy Hash: F10100B1E017249EDB04AFF1F9459AD7BB8FF08705F50001FF505A6261DB788940D66D
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0042D40D Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 319 42d40d-42d42b HeapCreate 320 42d463-42d465 319->320 321 42d42d-42d43a call 42d2c5 319->321 324 42d449-42d44c 321->324 325 42d43c-42d447 call 42f0ed 321->325 327 42d466-42d469 324->327 328 42d44e call 42fc34 324->328 331 42d453-42d455 325->331 328->331 331->327 332 42d457-42d45d HeapDestroy 331->332 332->320
                    C-Code - Quality: 100%
                    			E0042D40D(void* __ecx, intOrPtr _a4) {
				void* _t6;
				intOrPtr _t8;
				void* _t9;
				void* _t10;
				void* _t12;

				_t12 = __ecx;
				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				_t15 = _t6;
				 *0x476760 = _t6;
				if(_t6 == 0) {
					L7:
					return 0;
				} else {
					_t8 = E0042D2C5(_t12, _t15);
					 *0x476764 = _t8;
					if(_t8 != 3) {
						__eflags = _t8 - 2;
						if(_t8 != 2) {
							goto L8;
						} else {
							_t10 = L0042FC34();
							goto L5;
						}
					} else {
						_t10 = E0042F0ED(0x3f8);
						L5:
						if(_t10 != 0) {
							L8:
							_t9 = 1;
							return _t9;
						} else {
							HeapDestroy( *0x476760);
							goto L7;
						}
					}
				}
			}








                    0x0042d40d
                    0x0042d41e
                    0x0042d424
                    0x0042d426
                    0x0042d42b
                    0x0042d463
                    0x0042d465
                    0x0042d42d
                    0x0042d42d
                    0x0042d435
                    0x0042d43a
                    0x0042d449
                    0x0042d44c
                    0x00000000
                    0x0042d44e
                    0x0042d44e
                    0x00000000
                    0x0042d44e
                    0x0042d43c
                    0x0042d441
                    0x0042d453
                    0x0042d455
                    0x0042d466
                    0x0042d468
                    0x0042d469
                    0x0042d457
                    0x0042d45d
                    0x00000000
                    0x0042d45d
                    0x0042d455
                    0x0042d43a

                    APIs
                    • HeapCreate.KERNELBASE(00000000,00001000,00000000,00429553,00000000), ref: 0042D41E
                      • Part of subcall function 0042D2C5: GetVersionExA.KERNEL32 ref: 0042D2E4
                    • HeapDestroy.KERNEL32 ref: 0042D45D
                      • Part of subcall function 0042F0ED: HeapAlloc.KERNEL32(00000000,00000140,0042D446,000003F8), ref: 0042F0FA
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: Heap$AllocCreateDestroyVersion
                    • String ID:
                    • API String ID: 2507506473-0
                    • Opcode ID: 11de85c7ba89020bb0c5673883bd65ff3f0f38c4c604e153e25021300b28743f
                    • Instruction ID: 2b39c84f2446aeb985545ebc411362ae88ce4b6033e1121a867eb5861235edfb
                    • Opcode Fuzzy Hash: 11de85c7ba89020bb0c5673883bd65ff3f0f38c4c604e153e25021300b28743f
                    • Instruction Fuzzy Hash: 28F0ED30F003519AEB203B317E0A72A36A0EB407DBF90843BF401C81E1EB78D4C1DA1A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0040504B Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • __EH_prolog.LIBCMT ref: 00405050
                      • Part of subcall function 00404FA7: __EH_prolog.LIBCMT ref: 00404FAC
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID:
                    • API String ID: 3519838083-0
                    • Opcode ID: 271684e7f7cd18e2093495e85f7b8132ef14917e154348b45c9a4b87075dd9ee
                    • Instruction ID: 48b64a4aac448b4b783275b9145f56e55b85d3241ec320584872ae650da99ca4
                    • Opcode Fuzzy Hash: 271684e7f7cd18e2093495e85f7b8132ef14917e154348b45c9a4b87075dd9ee
                    • Instruction Fuzzy Hash: AC116031A01504AAEB04FBA1E956BEDB776EF50308F50402EF412B71D6DF782A19CA59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00405165 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 364 405165-40517d call 4291c0 367 4051ef-4051fb 364->367 368 40517f-405183 364->368 368->367 369 405185-4051bc call 406110 call 405cb0 call 405460 call 446f00 call 40fc10 368->369 380 4051d0-4051de call 446f00 call 40504b 369->380 381 4051be-4051c2 369->381 382 4051e3-4051ea call 406400 380->382 381->382 383 4051c4-4051ce call 40f820 381->383 382->367 383->382
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID:
                    • API String ID: 3519838083-0
                    • Opcode ID: 6f19f2b9506f0d4a020953dc2eb0045f165e54c270b7a6b659b4332284f6422b
                    • Instruction ID: 32ce67817c60cb9025cbd919667b6268dd0b3c0d99dc6ff6c31bdf93c6a9e8a8
                    • Opcode Fuzzy Hash: 6f19f2b9506f0d4a020953dc2eb0045f165e54c270b7a6b659b4332284f6422b
                    • Instruction Fuzzy Hash: 3F117C30900608AADF14EB61E942BEE7B65EF01328F50413FB852B61D2DF389F04CB49
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0042AC7D Relevance: 1.5, APIs: 1, Instructions: 46memoryCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 390 42ac7d-42ac8a 391 42aca1-42aca4 390->391 392 42ac8c-42ac92 390->392 393 42acd3-42acd5 391->393 395 42aca6-42acac 391->395 392->393 394 42ac94-42ac9d call 42f489 392->394 399 42acd7-42acd9 393->399 400 42acda-42acdd 393->400 394->393 405 42ac9f-42aca0 394->405 397 42acb6-42acb8 395->397 398 42acae-42acb4 395->398 403 42acb9-42acbf 397->403 398->403 399->400 401 42ace0-42ace9 RtlAllocateHeap 400->401 404 42acef-42acf0 401->404 403->401 406 42acc1-42accf call 42ff2c 403->406 406->404 409 42acd1 406->409 409->401
                    APIs
                    • RtlAllocateHeap.NTDLL(00000000,?,00000000,0042AC61,000000E0,0042AC4E,?,0042D0FE,00000100,?,00000000), ref: 0042ACE9
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: AllocateHeap
                    • String ID:
                    • API String ID: 1279760036-0
                    • Opcode ID: cd8441a14dce8d26d2ed4c195f35966accdb6937f70528d352a1006f6ad1e0f3
                    • Instruction ID: 9fd6cc1f8868ed57fc1f4ba965050572fba3487bf6335edb8720071473fd0952
                    • Opcode Fuzzy Hash: cd8441a14dce8d26d2ed4c195f35966accdb6937f70528d352a1006f6ad1e0f3
                    • Instruction Fuzzy Hash: 5BF0D132B04A3157DA20A726BE407D76351AB04774F960523EC44EB2D0D768ACA1A6CE
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0042B1A5 Relevance: 1.5, APIs: 1, Instructions: 45memoryCOMMONLIBRARYCODE
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 410 42b1a5-42b1af 411 42b1b1-42b1b9 410->411 412 42b20b-42b20d 410->412 413 42b1d1-42b1d4 411->413 414 42b1bb-42b1c5 call 42f135 411->414 416 42b1d6-42b1e9 call 42fe90 413->416 417 42b1fc 413->417 420 42b1fd-42b205 RtlFreeHeap 414->420 421 42b1c7-42b1cf call 42f160 414->421 416->417 424 42b1eb-42b1fa call 42fee7 416->424 417->420 420->412 421->412 424->412
                    APIs
                    • RtlFreeHeap.NTDLL(00000000,?,00000000,?,00000000,0042D07F,00429578,?,00000000,?,?,?,?,00429578), ref: 0042B205
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: FreeHeap
                    • String ID:
                    • API String ID: 3298025750-0
                    • Opcode ID: b9ecc15ea10a22db14f54e1a009f08f9145250a54289013802a1a925f24c2cfb
                    • Instruction ID: aa22f3ac8ad6a217380186ba08ac221d0ddccd81639edee6a2efa880639019f0
                    • Opcode Fuzzy Hash: b9ecc15ea10a22db14f54e1a009f08f9145250a54289013802a1a925f24c2cfb
                    • Instruction Fuzzy Hash: D6F0AF32A01639BACB21A611FC06EBF776DDB02794BD00037FC04D6111EB689E6596ED
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0041F6C0 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                    Download Yara Rule
                    APIs
                    • FindCloseChangeNotification.KERNELBASE(?,?,0041F698,00000000,0040C92C,00000000,?,?,00000000), ref: 0041F6CC
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: ChangeCloseFindNotification
                    • String ID:
                    • API String ID: 2591292051-0
                    • Opcode ID: 8e4b04920f2db4cac05a49ba59d951af0ae3798c23adbcfd90403da098ed4724
                    • Instruction ID: 3b2d62399d5a9b7a34f5b1fd5322fedb062ce2c7169daa4312b791f31565ceed
                    • Opcode Fuzzy Hash: 8e4b04920f2db4cac05a49ba59d951af0ae3798c23adbcfd90403da098ed4724
                    • Instruction Fuzzy Hash: ACD012B0500B1147D6309F29E84864372D95B04730B144B29F47AC77E0D774EC868668
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0040CA50 Relevance: 1.5, APIs: 1, Instructions: 16fileCOMMON
                    Download Yara Rule
                    APIs
                    • CreateFileA.KERNELBASE(?,?,?,?,?,?,?,0041EE23,00000000,?,?,?,?,?,?,00000000), ref: 0040CA73
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: CreateFile
                    • String ID:
                    • API String ID: 823142352-0
                    • Opcode ID: 4e1b64a3f5e4ec4f1783e0d7089c03449908ab496d4159d9020e3f944120f10f
                    • Instruction ID: 6d27bf1a1f8ebf083a2dc4434aca50e0376e20e635034d5d1bd5d37019d2a20d
                    • Opcode Fuzzy Hash: 4e1b64a3f5e4ec4f1783e0d7089c03449908ab496d4159d9020e3f944120f10f
                    • Instruction Fuzzy Hash: 30D042B1608202AF8644CF88EA84D1BB7E9ABCCB00F00890CB685D3250D630EC09CB73
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0040CA40 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                    Download Yara Rule
                    APIs
                    • GetFileAttributesA.KERNELBASE(00000000,0040ADF7,00000000,0000002F,0000005C), ref: 0040CA45
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: AttributesFile
                    • String ID:
                    • API String ID: 3188754299-0
                    • Opcode ID: a7b1b82e6ffdc625602de4b850612d834d0b365aaa69d03e2178b1c46d37b21c
                    • Instruction ID: da062fb99149d893a26d576c1d954405ef02b8eb95d5371c20bbfa34c1d926da
                    • Opcode Fuzzy Hash: a7b1b82e6ffdc625602de4b850612d834d0b365aaa69d03e2178b1c46d37b21c
                    • Instruction Fuzzy Hash: F7A00275904342ABCE00DBA4DA4DA0B7BA9BB84B42B108854F145C3465D634D840DF55
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Non-executed Functions

                    Function 00432A0C Relevance: 26.7, Strings: 21, Instructions: 417COMMONCrypto
                    Download Yara Rule
                    C-Code - Quality: 70%
                    			E00432A0C(signed int* _a4, intOrPtr* _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, signed int _a28) {
				signed int _v8;
				char _v12;
				signed char* _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v58;
				signed int _v62;
				signed int _v66;
				signed int _v68;
				char _v73;
				char _v96;
				signed int _t121;
				intOrPtr _t141;
				intOrPtr _t143;
				signed int _t146;
				intOrPtr* _t148;

				_t148 = _a12;
				_v16 =  &_v96;
				_t121 = 0;
				_t146 = 1;
				_v44 = 0;
				_v28 = _t146;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v36 = 0;
				_v48 = 0;
				_v52 = 0;
				_v32 = 0;
				_v12 = 0;
				_v24 = 0;
				_a12 = _t148;
				L1:
				_t143 =  *_t148;
				if(_t143 == 0x20 || _t143 == 9 || _t143 == 0xa || _t143 == 0xd) {
					_t148 = _t148 + 1;
					goto L1;
				}
				_push(4);
				while(1) {
					L7:
					_t141 =  *_t148;
					_t148 = _t148 + 1;
					if(_t121 > 0xb) {
						break;
					}
					switch( *((intOrPtr*)(_t121 * 4 +  &M00432EAD))) {
						case 0:
							__eflags = _t141 - 0x31;
							if(_t141 < 0x31) {
								L12:
								__eflags = _t141 -  *0x46bad4; // 0x2e
								if(__eflags != 0) {
									_t137 = _t141 - 0x2b;
									__eflags = _t137;
									if(_t137 == 0) {
										_v44 = _v44 & 0x00000000;
										_push(2);
										_pop(_t121);
										goto L7;
									}
									_t139 = _t137;
									__eflags = _t139;
									if(_t139 == 0) {
										_push(2);
										_v44 = 0x8000;
										_pop(_t121);
										goto L7;
									}
									__eflags = _t139 != 3;
									if(_t139 != 3) {
										goto L109;
									}
									goto L36;
								}
								goto L13;
							}
							__eflags = _t141 - 0x39;
							if(_t141 > 0x39) {
								goto L12;
							}
							goto L11;
						case 1:
							__eflags = __bl - 0x31;
							_v20 = __edx;
							if(__bl < 0x31) {
								L22:
								__eflags = __bl -  *0x46bad4; // 0x2e
								if(__eflags == 0) {
									goto L47;
								}
								__eflags = __bl - 0x2b;
								if(__bl == 0x2b) {
									goto L31;
								}
								__eflags = __bl - 0x2d;
								if(__bl == 0x2d) {
									goto L31;
								}
								__eflags = __bl - 0x30;
								if(__bl == 0x30) {
									goto L36;
								}
								goto L26;
							}
							__eflags = __bl - 0x39;
							if(__bl <= 0x39) {
								goto L11;
							}
							goto L22;
						case 2:
							__eflags = __bl - 0x31;
							if(__bl < 0x31) {
								L34:
								__eflags = __bl -  *0x46bad4; // 0x2e
								if(__eflags == 0) {
									L13:
									_push(5);
									goto L90;
								}
								__eflags = __bl - 0x30;
								if(__bl != 0x30) {
									goto L94;
								}
								L36:
								_t121 = _t146;
								goto L7;
							}
							__eflags = __bl - 0x39;
							if(__bl <= 0x39) {
								L11:
								_push(3);
								goto L81;
							}
							goto L34;
						case 3:
							_v20 = __edx;
							while(1) {
								__eflags =  *0x46bad0 - __edx; // 0x1
								if(__eflags <= 0) {
									__ecx =  *0x46b8c4; // 0x46b8ce
									__eax = __bl & 0x000000ff;
									__eax = __bl & 0x000000ff & __esi;
									__eflags = __eax;
								} else {
									__eax = __bl & 0x000000ff;
									__eax = E0042E4ED(__ecx, __esi, __bl & 0x000000ff, __esi);
									_pop(__ecx);
									_pop(__ecx);
									_push(1);
									_pop(__edx);
								}
								__eflags = __eax;
								if(__eax == 0) {
									break;
								}
								__eflags = _v8 - 0x19;
								if(_v8 >= 0x19) {
									_t31 =  &_v12;
									 *_t31 = _v12 + 1;
									__eflags =  *_t31;
								} else {
									__eax = _v16;
									_v8 = _v8 + 1;
									__bl = __bl - 0x30;
									_v16 =  &(_v16[1]);
									 *_v16 = __bl;
								}
								__bl =  *__edi;
								__edi = __edi + 1;
							}
							__eflags = __bl -  *0x46bad4; // 0x2e
							if(__eflags != 0) {
								goto L58;
							}
							L47:
							__eax = __esi;
							goto L7;
						case 4:
							__eflags = _v8;
							_v20 = __edx;
							_v40 = __edx;
							if(_v8 != 0) {
								while(1) {
									L51:
									__eflags =  *0x46bad0 - __edx; // 0x1
									if(__eflags <= 0) {
										__ecx =  *0x46b8c4; // 0x46b8ce
										__eax = __bl & 0x000000ff;
										__eax = __bl & 0x000000ff & __esi;
										__eflags = __eax;
									} else {
										__eax = __bl & 0x000000ff;
										__eax = E0042E4ED(__ecx, __esi, __bl & 0x000000ff, __esi);
										_pop(__ecx);
										_pop(__ecx);
										_push(1);
										_pop(__edx);
									}
									__eflags = __eax;
									if(__eax == 0) {
										break;
									}
									__eflags = _v8 - 0x19;
									if(_v8 < 0x19) {
										__eax = _v16;
										_v8 = _v8 + 1;
										__bl = __bl - 0x30;
										_v16 =  &(_v16[1]);
										_t46 =  &_v12;
										 *_t46 = _v12 - 1;
										__eflags =  *_t46;
										 *_v16 = __bl;
									}
									__bl =  *__edi;
									__edi = __edi + 1;
								}
								L58:
								__eflags = __bl - 0x2b;
								if(__bl == 0x2b) {
									L31:
									__edi = __edi - 1;
									_push(0xb);
									goto L90;
								}
								__eflags = __bl - 0x2d;
								if(__bl == 0x2d) {
									goto L31;
								}
								L26:
								__eflags = __bl - 0x43;
								if(__bl <= 0x43) {
									goto L109;
								}
								__eflags = __bl - 0x45;
								if(__bl <= 0x45) {
									L30:
									_push(6);
									goto L90;
								}
								__eflags = __bl - 0x63;
								if(__bl <= 0x63) {
									goto L109;
								}
								__eflags = __bl - 0x65;
								if(__bl > 0x65) {
									goto L109;
								}
								goto L30;
							} else {
								goto L49;
							}
							while(1) {
								L49:
								__eflags = __bl - 0x30;
								if(__bl != 0x30) {
									goto L51;
								}
								_v12 = _v12 - 1;
								__bl =  *__edi;
								__edi = __edi + 1;
							}
							goto L51;
						case 5:
							__eflags =  *0x46bad0 - __edx;
							_v40 = __edx;
							if( *0x46bad0 <= __edx) {
								__ecx =  *0x46b8c4; // 0x46b8ce
								__eax = __bl & 0x000000ff;
								__eax = __bl & 0x000000ff & __esi;
								__eflags = __eax;
							} else {
								__eax = __bl & 0x000000ff;
								__eax = E0042E4ED(__ecx, __esi, __bl & 0x000000ff, __esi);
								_pop(__ecx);
								_pop(__ecx);
								_push(1);
								_pop(__edx);
							}
							__eflags = __eax;
							if(__eax == 0) {
								goto L94;
							} else {
								__eax = __esi;
								goto L82;
							}
						case 6:
							_t51 = __edi - 2; // 0x0
							__ecx = _t51;
							__eflags = __bl - 0x31;
							_a12 = __ecx;
							if(__bl < 0x31) {
								L68:
								__eax = __bl;
								__eax = __bl - 0x2b;
								__eflags = __eax;
								if(__eax == 0) {
									goto L89;
								}
								__eax = __eax - 1;
								__eax = __eax - 1;
								__eflags = __eax;
								if(__eax == 0) {
									goto L88;
								}
								__eax = __eax - 3;
								__eflags = __eax;
								if(__eax != 0) {
									goto L110;
								}
								goto L71;
							}
							__eflags = __bl - 0x39;
							if(__bl <= 0x39) {
								goto L80;
							}
							goto L68;
						case 7:
							__eflags = __bl - 0x31;
							if(__bl < 0x31) {
								L83:
								__eflags = __bl - 0x30;
								if(__bl != 0x30) {
									L94:
									__edi = _a12;
									goto L111;
								}
								L71:
								_push(8);
								goto L90;
							}
							__eflags = __bl - 0x39;
							if(__bl > 0x39) {
								goto L83;
							}
							goto L80;
						case 8:
							_v36 = __edx;
							while(1) {
								__eflags = __bl - 0x30;
								if(__bl != 0x30) {
									break;
								}
								__bl =  *__edi;
								__edi = __edi + 1;
							}
							__eflags = __bl - 0x31;
							if(__bl < 0x31) {
								goto L109;
							}
							__eflags = __bl - 0x39;
							if(__bl > 0x39) {
								goto L109;
							}
							L80:
							_push(9);
							L81:
							_pop(_t121);
							L82:
							_t148 = _t148 - 1;
							goto L7;
						case 9:
							_v36 = 1;
							__esi = 0;
							__eflags = 0;
							while(1) {
								__eflags =  *0x46bad0 - 1;
								if( *0x46bad0 <= 1) {
									__ecx =  *0x46b8c4; // 0x46b8ce
									__eax = __bl & 0x000000ff;
									__eax = __bl & 4;
									__eflags = __eax;
								} else {
									__eax = __bl & 0x000000ff;
									__eax = E0042E4ED(__ecx, __esi, __bl & 0x000000ff, 4);
									_pop(__ecx);
									_pop(__ecx);
								}
								__eflags = __eax;
								if(__eax == 0) {
									break;
								}
								__ecx = __bl;
								_t66 = (__esi + __esi * 4) * 2; // -44
								__esi = __ecx + _t66 - 0x30;
								__eflags = __esi - 0x1450;
								if(__esi > 0x1450) {
									__esi = 0x1451;
									break;
								}
								__bl =  *__edi;
								__edi = __edi + 1;
							}
							_v32 = __esi;
							while(1) {
								__eflags =  *0x46bad0 - 1;
								if( *0x46bad0 <= 1) {
									__ecx =  *0x46b8c4; // 0x46b8ce
									__eax = __bl & 0x000000ff;
									__eax = __bl & 4;
									__eflags = __eax;
								} else {
									__eax = __bl & 0x000000ff;
									__eax = E0042E4ED(__ecx, __esi, __bl & 0x000000ff, 4);
									_pop(__ecx);
									_pop(__ecx);
								}
								__eflags = __eax;
								if(__eax == 0) {
									break;
								}
								__bl =  *__edi;
								__edi = __edi + 1;
							}
							L109:
							_t148 = _t148 - 1;
							goto L111;
						case 0xa:
							goto L92;
						case 0xb:
							__eflags = _a28;
							if(_a28 == 0) {
								_push(0xa);
								__edi = __edi - 1;
								__eflags = __edi;
								_pop(__eax);
								goto L92;
							}
							__eax = __bl;
							_t55 = __edi - 1; // 0x1
							__ecx = _t55;
							__eax = __bl - 0x2b;
							__eflags = __eax;
							_a12 = __ecx;
							if(__eax == 0) {
								L89:
								_push(7);
								L90:
								_pop(_t121);
								goto L7;
							}
							__eax = __eax - 1;
							__eax = __eax - 1;
							__eflags = __eax;
							if(__eax != 0) {
								L110:
								__edi = __ecx;
								L111:
								__eflags = _v20;
								 *_a8 = _t148;
								if(_v20 == 0) {
									_t147 = 0;
									_t123 = 0;
									_t150 = 0;
									_t142 = 0;
									_v24 = 4;
									L138:
									_t144 = _a4;
									_t124 = _t123 | _v44;
									__eflags = _t124;
									_t144[1] = _t150;
									_t144[0] = _t142;
									_t144[2] = _t124;
									 *_t144 = _t147;
									return _v24;
								}
								_push(0x18);
								_pop(_t126);
								__eflags = _v8 - _t126;
								if(_v8 <= _t126) {
									_t127 = _v16;
								} else {
									__eflags = _v73 - 5;
									if(_v73 >= 5) {
										_t75 =  &_v73;
										 *_t75 = _v73 + 1;
										__eflags =  *_t75;
									}
									_v8 = _t126;
									_t127 = _v16 - 1;
									_v12 = _v12 + 1;
								}
								__eflags = _v8;
								if(_v8 <= 0) {
									_t147 = 0;
									_t123 = 0;
									_t150 = 0;
									_t142 = 0;
									goto L129;
								} else {
									while(1) {
										_t127 = _t127 - 1;
										__eflags =  *_t127;
										if( *_t127 != 0) {
											break;
										}
										_v8 = _v8 - 1;
										_v12 = _v12 + 1;
									}
									E00432945(_t148,  &_v96, _v8,  &_v68);
									_t131 = _v32;
									__eflags = _v28;
									if(_v28 < 0) {
										_t131 =  ~_t131;
									}
									_t132 = _t131 + _v12;
									__eflags = _v36;
									if(_v36 == 0) {
										_t132 = _t132 + _a20;
										__eflags = _t132;
									}
									__eflags = _v40;
									if(_v40 == 0) {
										_t132 = _t132 - _a24;
										__eflags = _t132;
									}
									__eflags = _t132 - 0x1450;
									if(_t132 <= 0x1450) {
										__eflags = _t132 - 0xffffebb0;
										if(_t132 >= 0xffffebb0) {
											L0043377C( &_v68, _t132, _a16);
											_t147 = _v68;
											_t142 = _v66;
											_t150 = _v62;
											_t123 = _v58;
											goto L129;
										}
										_v52 = 1;
										goto L128;
									} else {
										_v48 = 1;
										L128:
										_t142 = _a12;
										_t150 = _a12;
										_t123 = _a12;
										_t147 = _a12;
										L129:
										__eflags = _v48;
										if(_v48 == 0) {
											__eflags = _v52;
											if(_v52 != 0) {
												_t147 = 0;
												_t123 = 0;
												_t150 = 0;
												_t142 = 0;
												__eflags = 0;
												_v24 = 1;
											}
										} else {
											_t142 = 0;
											_t123 = 0x7fff;
											_t150 = 0x80000000;
											_t147 = 0;
											_v24 = 2;
										}
										goto L138;
									}
								}
							}
							L88:
							_v28 = _v28 | 0xffffffff;
							_push(7);
							_pop(__eax);
							goto L7;
					}
				}
				L92:
				if(_t121 == 0xa) {
					goto L111;
				}
				goto L7;
			}


























                    0x00432a15
                    0x00432a1d
                    0x00432a20
                    0x00432a22
                    0x00432a23
                    0x00432a26
                    0x00432a29
                    0x00432a2c
                    0x00432a2f
                    0x00432a32
                    0x00432a35
                    0x00432a38
                    0x00432a3b
                    0x00432a3e
                    0x00432a41
                    0x00432a44
                    0x00432a47
                    0x00432a47
                    0x00432a4c
                    0x00432a5d
                    0x00000000
                    0x00432a5d
                    0x00432a60
                    0x00432a63
                    0x00432a63
                    0x00432a63
                    0x00432a65
                    0x00432a69
                    0x00000000
                    0x00000000
                    0x00432a6f
                    0x00000000
                    0x00432a76
                    0x00432a79
                    0x00432a87
                    0x00432a87
                    0x00432a8d
                    0x00432a99
                    0x00432a99
                    0x00432a9c
                    0x00432abc
                    0x00432ac0
                    0x00432ac2
                    0x00000000
                    0x00432ac2
                    0x00432a9f
                    0x00432a9f
                    0x00432aa0
                    0x00432ab0
                    0x00432ab2
                    0x00432ab9
                    0x00000000
                    0x00432ab9
                    0x00432aa2
                    0x00432aa5
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00432aab
                    0x00000000
                    0x00432a8d
                    0x00432a7b
                    0x00432a7e
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00432ac5
                    0x00432ac8
                    0x00432acb
                    0x00432ad2
                    0x00432ad2
                    0x00432ad8
                    0x00000000
                    0x00000000
                    0x00432ade
                    0x00432ae1
                    0x00000000
                    0x00000000
                    0x00432ae3
                    0x00432ae6
                    0x00000000
                    0x00000000
                    0x00432ae8
                    0x00432aeb
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00432aeb
                    0x00432acd
                    0x00432ad0
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00432b1c
                    0x00432b1f
                    0x00432b2a
                    0x00432b2a
                    0x00432b30
                    0x00432a8f
                    0x00432a8f
                    0x00000000
                    0x00432a8f
                    0x00432b36
                    0x00432b39
                    0x00000000
                    0x00000000
                    0x00432b3f
                    0x00432b3f
                    0x00000000
                    0x00432b3f
                    0x00432b21
                    0x00432b24
                    0x00432a80
                    0x00432a80
                    0x00000000
                    0x00432a80
                    0x00000000
                    0x00000000
                    0x00432b46
                    0x00432b49
                    0x00432b49
                    0x00432b4f
                    0x00432b62
                    0x00432b68
                    0x00432b6e
                    0x00432b6e
                    0x00432b51
                    0x00432b51
                    0x00432b56
                    0x00432b5b
                    0x00432b5c
                    0x00432b5d
                    0x00432b5f
                    0x00432b5f
                    0x00432b70
                    0x00432b72
                    0x00000000
                    0x00000000
                    0x00432b74
                    0x00432b78
                    0x00432b8a
                    0x00432b8a
                    0x00432b8a
                    0x00432b7a
                    0x00432b7a
                    0x00432b7d
                    0x00432b80
                    0x00432b83
                    0x00432b86
                    0x00432b86
                    0x00432b8d
                    0x00432b8f
                    0x00432b8f
                    0x00432b92
                    0x00432b98
                    0x00000000
                    0x00000000
                    0x00432b9a
                    0x00432b9a
                    0x00000000
                    0x00000000
                    0x00432ba1
                    0x00432ba5
                    0x00432ba8
                    0x00432bab
                    0x00432bba
                    0x00432bba
                    0x00432bba
                    0x00432bc0
                    0x00432bd3
                    0x00432bd9
                    0x00432bdf
                    0x00432bdf
                    0x00432bc2
                    0x00432bc2
                    0x00432bc7
                    0x00432bcc
                    0x00432bcd
                    0x00432bce
                    0x00432bd0
                    0x00432bd0
                    0x00432be1
                    0x00432be3
                    0x00000000
                    0x00000000
                    0x00432be5
                    0x00432be9
                    0x00432beb
                    0x00432bee
                    0x00432bf1
                    0x00432bf4
                    0x00432bf7
                    0x00432bf7
                    0x00432bf7
                    0x00432bfa
                    0x00432bfa
                    0x00432bfc
                    0x00432bfe
                    0x00432bfe
                    0x00432c01
                    0x00432c01
                    0x00432c04
                    0x00432b14
                    0x00432b14
                    0x00432b15
                    0x00000000
                    0x00432b15
                    0x00432c0a
                    0x00432c0d
                    0x00000000
                    0x00000000
                    0x00432aed
                    0x00432aed
                    0x00432af0
                    0x00000000
                    0x00000000
                    0x00432af6
                    0x00432af9
                    0x00432b0d
                    0x00432b0d
                    0x00000000
                    0x00432b0d
                    0x00432afb
                    0x00432afe
                    0x00000000
                    0x00000000
                    0x00432b04
                    0x00432b07
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00432bad
                    0x00432bad
                    0x00432bad
                    0x00432bb0
                    0x00000000
                    0x00000000
                    0x00432bb2
                    0x00432bb5
                    0x00432bb7
                    0x00432bb7
                    0x00000000
                    0x00000000
                    0x00432c18
                    0x00432c1e
                    0x00432c21
                    0x00432c34
                    0x00432c3a
                    0x00432c40
                    0x00432c40
                    0x00432c23
                    0x00432c23
                    0x00432c28
                    0x00432c2d
                    0x00432c2e
                    0x00432c2f
                    0x00432c31
                    0x00432c31
                    0x00432c42
                    0x00432c44
                    0x00000000
                    0x00432c4a
                    0x00432c4a
                    0x00000000
                    0x00432c4a
                    0x00000000
                    0x00432c4e
                    0x00432c4e
                    0x00432c51
                    0x00432c54
                    0x00432c57
                    0x00432c5e
                    0x00432c5e
                    0x00432c61
                    0x00432c61
                    0x00432c64
                    0x00000000
                    0x00000000
                    0x00432c66
                    0x00432c67
                    0x00432c67
                    0x00432c68
                    0x00000000
                    0x00000000
                    0x00432c6a
                    0x00432c6a
                    0x00432c6d
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00432c6d
                    0x00432c59
                    0x00432c5c
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00432c98
                    0x00432c9b
                    0x00432cab
                    0x00432cab
                    0x00432cae
                    0x00432cf4
                    0x00432cf4
                    0x00000000
                    0x00432cf4
                    0x00432c73
                    0x00432c73
                    0x00000000
                    0x00432c73
                    0x00432c9d
                    0x00432ca0
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00432c77
                    0x00432c7a
                    0x00432c7a
                    0x00432c7d
                    0x00000000
                    0x00000000
                    0x00432c7f
                    0x00432c81
                    0x00432c81
                    0x00432c84
                    0x00432c87
                    0x00000000
                    0x00000000
                    0x00432c8d
                    0x00432c90
                    0x00000000
                    0x00000000
                    0x00432ca2
                    0x00432ca2
                    0x00432ca4
                    0x00432ca4
                    0x00432ca5
                    0x00432ca5
                    0x00000000
                    0x00000000
                    0x00432cfc
                    0x00432d03
                    0x00432d03
                    0x00432d05
                    0x00432d05
                    0x00432d0c
                    0x00432d1d
                    0x00432d23
                    0x00432d29
                    0x00432d29
                    0x00432d0e
                    0x00432d0e
                    0x00432d14
                    0x00432d19
                    0x00432d1a
                    0x00432d1a
                    0x00432d2c
                    0x00432d2e
                    0x00000000
                    0x00000000
                    0x00432d30
                    0x00432d36
                    0x00432d36
                    0x00432d3a
                    0x00432d40
                    0x00432d47
                    0x00000000
                    0x00432d47
                    0x00432d42
                    0x00432d44
                    0x00432d44
                    0x00432d4c
                    0x00432d4f
                    0x00432d4f
                    0x00432d56
                    0x00432d67
                    0x00432d6d
                    0x00432d73
                    0x00432d73
                    0x00432d58
                    0x00432d58
                    0x00432d5e
                    0x00432d63
                    0x00432d64
                    0x00432d64
                    0x00432d76
                    0x00432d78
                    0x00000000
                    0x00000000
                    0x00432d7a
                    0x00432d7c
                    0x00432d7c
                    0x00432d7f
                    0x00432d7f
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00432cb2
                    0x00432cb6
                    0x00432ce2
                    0x00432ce4
                    0x00432ce4
                    0x00432ce5
                    0x00000000
                    0x00432ce5
                    0x00432cb8
                    0x00432cbb
                    0x00432cbb
                    0x00432cbe
                    0x00432cbe
                    0x00432cc1
                    0x00432cc4
                    0x00432cda
                    0x00432cda
                    0x00432cdc
                    0x00432cdc
                    0x00000000
                    0x00432cdc
                    0x00432cc6
                    0x00432cc7
                    0x00432cc7
                    0x00432cc8
                    0x00432d82
                    0x00432d82
                    0x00432d84
                    0x00432d87
                    0x00432d8b
                    0x00432d8d
                    0x00432e6c
                    0x00432e6e
                    0x00432e70
                    0x00432e72
                    0x00432e74
                    0x00432e92
                    0x00432e92
                    0x00432e95
                    0x00432e95
                    0x00432e99
                    0x00432e9c
                    0x00432e9f
                    0x00432ea7
                    0x00432eac
                    0x00432eac
                    0x00432d93
                    0x00432d95
                    0x00432d96
                    0x00432d99
                    0x00432db0
                    0x00432d9b
                    0x00432d9b
                    0x00432d9f
                    0x00432da1
                    0x00432da1
                    0x00432da1
                    0x00432da1
                    0x00432da4
                    0x00432daa
                    0x00432dab
                    0x00432dab
                    0x00432db3
                    0x00432db7
                    0x00432e62
                    0x00432e64
                    0x00432e66
                    0x00432e68
                    0x00000000
                    0x00432dbd
                    0x00432dbd
                    0x00432dbd
                    0x00432dbe
                    0x00432dc1
                    0x00000000
                    0x00000000
                    0x00432dc3
                    0x00432dc6
                    0x00432dc6
                    0x00432dd6
                    0x00432ddb
                    0x00432de3
                    0x00432de6
                    0x00432de8
                    0x00432de8
                    0x00432dea
                    0x00432ded
                    0x00432df0
                    0x00432df2
                    0x00432df2
                    0x00432df2
                    0x00432df5
                    0x00432df8
                    0x00432dfa
                    0x00432dfa
                    0x00432dfa
                    0x00432dfd
                    0x00432e02
                    0x00432e34
                    0x00432e39
                    0x00432e4c
                    0x00432e51
                    0x00432e54
                    0x00432e57
                    0x00432e5a
                    0x00000000
                    0x00432e5d
                    0x00432e3b
                    0x00000000
                    0x00432e04
                    0x00432e04
                    0x00432e0b
                    0x00432e0b
                    0x00432e0e
                    0x00432e11
                    0x00432e14
                    0x00432e17
                    0x00432e17
                    0x00432e1b
                    0x00432e7d
                    0x00432e81
                    0x00432e83
                    0x00432e85
                    0x00432e87
                    0x00432e89
                    0x00432e89
                    0x00432e8b
                    0x00432e8b
                    0x00432e1d
                    0x00432e1d
                    0x00432e1f
                    0x00432e24
                    0x00432e29
                    0x00432e2b
                    0x00432e2b
                    0x00000000
                    0x00432e1b
                    0x00432e02
                    0x00432db7
                    0x00432cce
                    0x00432cce
                    0x00432cd2
                    0x00432cd4
                    0x00000000
                    0x00000000
                    0x00432a6f
                    0x00432ce6
                    0x00432ce9
                    0x00000000
                    0x00000000
                    0x00000000

                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID: +$+$-$-$0$0$0$0$0$1$1$9$9$9$9$9$9$C$E$c$e
                    • API String ID: 0-1157002505
                    • Opcode ID: 2efac69026d47a3c7d0cb249e9a9688c7f948a89b40b449715ae8132c368ca6b
                    • Instruction ID: 2eaf650e64eaf06e9a7ee37534e8f9ab043111ac9f01ea00bc81450767a1db1c
                    • Opcode Fuzzy Hash: 2efac69026d47a3c7d0cb249e9a9688c7f948a89b40b449715ae8132c368ca6b
                    • Instruction Fuzzy Hash: BDE1C131E441599FEB25CF68CA027FEBBB1FB18300F286017D401A6291D7FC9A82DB59
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0043232C Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMON
                    Download Yara Rule
                    C-Code - Quality: 46%
                    			E0043232C(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr* _t4;
				intOrPtr* _t7;
				_Unknown_base(*)()* _t11;
				void* _t14;
				struct HINSTANCE__* _t15;
				void* _t17;

				_t14 = 0;
				_t17 =  *0x473bcc - _t14; // 0x0
				if(_t17 != 0) {
					L4:
					_t4 =  *0x473bd0; // 0x0
					if(_t4 != 0) {
						_t14 =  *_t4();
						if(_t14 != 0) {
							_t7 =  *0x473bd4; // 0x0
							if(_t7 != 0) {
								_t14 =  *_t7(_t14);
							}
						}
					}
					return  *0x473bcc(_t14, _a4, _a8, _a12);
				}
				_t15 = LoadLibraryA("user32.dll");
				if(_t15 == 0) {
					L10:
					return 0;
				}
				_t11 = GetProcAddress(_t15, "MessageBoxA");
				 *0x473bcc = _t11;
				if(_t11 == 0) {
					goto L10;
				} else {
					 *0x473bd0 = GetProcAddress(_t15, "GetActiveWindow");
					 *0x473bd4 = GetProcAddress(_t15, "GetLastActivePopup");
					goto L4;
				}
			}









                    0x0043232d
                    0x0043232f
                    0x00432337
                    0x0043237b
                    0x0043237b
                    0x00432382
                    0x00432386
                    0x0043238a
                    0x0043238c
                    0x00432393
                    0x00432398
                    0x00432398
                    0x00432393
                    0x0043238a
                    0x00000000
                    0x004323a7
                    0x00432344
                    0x00432348
                    0x004323b1
                    0x00000000
                    0x004323b1
                    0x00432356
                    0x0043235a
                    0x0043235f
                    0x00000000
                    0x00432361
                    0x0043236f
                    0x00432376
                    0x00000000
                    0x00432376

                    APIs
                    • LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,0042D6A9,?,Microsoft Visual C++ Runtime Library,00012010,?,004555A8,?,004555F8,?,?,?,Runtime Error!Program: ), ref: 0043233E
                    • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 00432356
                    • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00432367
                    • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00432374
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: AddressProc$LibraryLoad
                    • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                    • API String ID: 2238633743-4044615076
                    • Opcode ID: b1946a84d0ea2de4ddbcb76c7db21c69d4771a0372b69c3b4588edca03b1fb06
                    • Instruction ID: 8c5bc707d5b35947b756009f45e4046470db6b06d33bcb127cff2004c4645eee
                    • Opcode Fuzzy Hash: b1946a84d0ea2de4ddbcb76c7db21c69d4771a0372b69c3b4588edca03b1fb06
                    • Instruction Fuzzy Hash: 46018431700311AB87109FB59D94B2B7AE8AB5CB52B00143BED09C2263DBBCE8459B69
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0043C42A Relevance: 10.4, Strings: 7, Instructions: 1680COMMONCrypto
                    Download Yara Rule
                    C-Code - Quality: 99%
                    			E0043C42A(signed int _a4, intOrPtr _a8, intOrPtr* _a12, signed int _a16) {
				signed int _v4;
				char _v5;
				intOrPtr _v8;
				void* __ecx;
				char _t946;
				signed int _t947;
				intOrPtr _t948;
				signed int _t951;
				signed int _t962;
				signed int _t973;
				signed int _t977;
				signed int _t978;
				signed int _t979;
				signed int _t982;
				signed short* _t989;
				unsigned int _t992;
				signed int _t1006;
				signed int _t1021;
				signed int _t1023;
				signed int _t1033;
				signed int _t1037;
				signed int _t1038;
				signed int _t1039;
				signed int _t1042;
				signed int _t1059;
				unsigned int _t1074;
				signed int _t1077;
				unsigned int _t1083;
				unsigned int _t1085;
				unsigned int _t1087;
				signed int _t1093;
				signed int _t1100;
				unsigned int _t1101;
				signed int _t1104;
				signed int _t1105;
				unsigned int _t1106;
				unsigned int _t1114;
				unsigned int _t1121;
				unsigned int _t1130;
				void* _t1148;
				signed int _t1149;
				unsigned int _t1150;
				unsigned int _t1165;
				unsigned int _t1167;
				signed int _t1180;
				unsigned int _t1191;
				signed int _t1193;
				signed char _t1229;
				intOrPtr* _t1273;
				unsigned int _t1279;
				void* _t1280;
				intOrPtr _t1282;
				signed char* _t1287;
				signed char* _t1292;
				signed int _t1293;
				void* _t1294;
				signed char* _t1301;
				signed int _t1305;
				signed char* _t1306;
				signed int _t1307;
				signed int _t1341;
				signed int _t1396;
				signed int _t1436;
				signed char* _t1437;
				signed int _t1438;
				signed int _t1449;
				signed int _t1451;
				unsigned int* _t1462;
				signed char* _t1485;
				signed int _t1486;
				intOrPtr _t1487;
				signed int _t1497;
				signed int _t1498;
				signed int _t1500;
				signed char* _t1517;
				unsigned int* _t1519;
				signed int _t1539;
				signed int _t1540;
				void* _t1543;
				signed int _t1544;
				signed char _t1545;
				signed int _t1546;
				signed int _t1548;
				signed int _t1554;
				void* _t1557;
				signed int _t1558;
				signed int _t1566;
				unsigned int* _t1574;
				signed int _t1581;
				signed int _t1588;
				signed int _t1595;
				signed int _t1603;
				signed int _t1611;
				signed int _t1619;
				signed int _t1626;
				unsigned int _t1631;
				signed int _t1633;
				signed short _t1634;
				signed int _t1640;
				signed int _t1641;
				void* _t1645;
				signed int _t1646;
				signed int _t1652;
				unsigned int _t1660;
				signed int _t1662;
				signed int _t1670;
				signed int _t1671;
				void* _t1675;
				signed int _t1677;
				signed int _t1678;
				signed int _t1686;
				signed int _t1687;
				intOrPtr* _t1692;
				unsigned int _t1697;
				signed int _t1700;
				void* _t1701;
				signed char* _t1703;
				signed int _t1712;
				signed int _t1720;
				signed int _t1728;
				signed int _t1736;
				signed int _t1744;
				signed int* _t1746;
				signed int _t1753;
				signed int _t1761;
				signed int _t1771;
				void* _t1774;
				signed int _t1775;
				void* _t1782;
				void* _t1783;
				void* _t1784;
				void* _t1785;

				_t1180 = _a16;
				_t1692 = _a12;
				_t1774 = _t1280;
				if(_t1180 != 0) {
					 *((intOrPtr*)( *_t1692 + 0x14))("inflateDataB");
				}
				_t946 = E00426CD0();
				 *(_t1774 + 0x85dc) =  *(_t1774 + 0x85dc) & 0x00000000;
				_v5 = _t946;
				_t947 = _a4;
				if(_t947 == 0) {
					L304:
					__eflags = _t1180;
					if(_t1180 == 0) {
						L307:
						return _t947;
					}
					_t948 =  *_t1692;
					_push("No data to inflate.");
					L306:
					return  *((intOrPtr*)(_t948 + 0x14))();
				}
				_t1282 = _a8;
				if(_t1282 == 0) {
					goto L304;
				} else {
					_v4 = _v4 & 0x00000000;
					 *(_t1774 + 0x10) = _t947;
					 *(_t1774 + 0x14) = _t947;
					 *((intOrPtr*)(_t1774 + 0x1c)) = _t947 + _t1282;
					_t1775 = 0xff0000;
					L5:
					while(1) {
						L5:
						if(_t1180 != 0) {
							 *((intOrPtr*)( *_t1692 + 0x2c))("m_state",  *(_t1774 + 4));
						}
						_t951 =  *(_t1774 + 4);
						if(_t951 != 0xffffffff ||  *(_t1774 + 0xc) == 0) {
							 *(_t1774 + 0x8598) = _t951;
							_t947 =  *(_t1774 + 4);
							if(_t947 != 0xffffffff) {
								__eflags = _t947;
								if(_t947 != 0) {
									__eflags = _t947 - 1;
									if(_t947 != 1) {
										__eflags = _t947 - 2;
										if(_t947 != 2) {
											__eflags = _t947 - 0xa;
											if(_t947 != 0xa) {
												__eflags = _t947 - 0xb;
												if(_t947 != 0xb) {
													__eflags = _t947 - 0xc;
													if(_t947 != 0xc) {
														goto L307;
													}
													 *(_t1774 + 0x858c) =  *(0x4559d4 +  *(_t1774 + 0x805c) * 2) & 0x0000ffff;
													 *(_t1774 + 0x8590) =  *(0x4559d4 +  *(_t1774 + 0x8060) * 2) & 0x0000ffff;
													while(1) {
														__eflags = _v5;
														_t947 =  *(_t1774 + 0x14);
														if(_v5 == 0) {
															_t1283 =  *_t947;
															_t1539 =  *(_t1774 + 0x858c);
															_t1697 = ( *_t947 & _t1775 |  *_t947 >> 0x00000010) >> 0x00000008 | ( *_t947 << 0x00000010 | _t1283 & 0x0000ff00) << 0x00000008;
															__eflags = _t1697;
														} else {
															_t1539 =  *(_t1774 + 0x858c);
															_t1697 =  *_t947;
														}
														 *(_t1774 + 0x8594) = _t1697 >>  *(_t1774 + 0x18) & _t1539;
														_t1700 =  *(_t1774 + 0x8050);
														_t1287 = _t1700 +  *(_t1774 + 0x8594) * 8;
														 *(_t1774 + 0x8588) = _t1287;
														__eflags =  *_t1287 - 0x10;
														if( *_t1287 == 0x10) {
															break;
														}
														__eflags = _v5;
														if(_v5 == 0) {
															_t1191 = ( *_t947 & _t1775 |  *_t947 >> 0x00000010) >> 0x00000008 | ( *_t947 << 0x00000010 |  *_t947 & 0x0000ff00) << 0x00000008;
															_t1775 = 0xff0000;
															_t1193 = _t1191 >>  *(_t1774 + 0x18) & _t1539;
															__eflags = _t1193;
															 *(_t1774 + 0x8594) = _t1193;
														} else {
															 *(_t1774 + 0x8594) =  *_t947 >>  *(_t1774 + 0x18) & _t1539;
														}
														_t1292 = _t1700 +  *(_t1774 + 0x8594) * 8;
														while(1) {
															 *(_t1774 + 0x8588) = _t1292;
															_t1293 =  *_t1292 & 0x000000ff;
															_t1701 = 0x10;
															 *(_t1774 + 0x857c) = _t1293;
															__eflags = _t1293 - _t1701;
															if(_t1293 <= _t1701) {
																break;
															}
															__eflags = _t1293 - 0x63;
															if(_t1293 == 0x63) {
																goto L307;
															}
															__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
															if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
																goto L307;
															}
															 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + (( *(_t1774 + 0x8588))[1] & 0x000000ff);
															__eflags =  *(_t1774 + 0x18) - _t1701;
															if( *(_t1774 + 0x18) >= _t1701) {
																 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
																_t697 = _t1774 + 0x18;
																 *_t697 =  *(_t1774 + 0x18) & 0x0000000f;
																__eflags =  *_t697;
																 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
															}
															 *(_t1774 + 0x857c) =  *(_t1774 + 0x857c) + 0xfffffff0;
															__eflags = _v5;
															_t1687 =  *(_t1774 + 0x857c);
															_t947 =  *(_t1774 + 0x14);
															if(_v5 == 0) {
																_t1771 = (( *_t947 & _t1775 |  *_t947 >> 0x00000010) >> 0x00000008 | ( *_t947 << 0x00000010 |  *_t947 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) &  *(0x4559d4 + _t1687 * 2) & 0x0000ffff;
																__eflags = _t1771;
																 *(_t1774 + 0x8594) = _t1771;
															} else {
																 *(_t1774 + 0x8594) =  *(0x4559d4 + _t1687 * 2) & 0x0000ffff &  *_t947 >>  *(_t1774 + 0x18);
															}
															_t1292 = ( *(_t1774 + 0x8588))[4] +  *(_t1774 + 0x8594) * 8;
														}
														_t947 =  *(_t1774 + 0x14);
														__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
														if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
															goto L307;
														}
														_t947 = ( *(_t1774 + 0x8588))[1] & 0x000000ff;
														 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + _t947;
														__eflags =  *(_t1774 + 0x18) - _t1701;
														if( *(_t1774 + 0x18) >= _t1701) {
															 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
															_t728 = _t1774 + 0x18;
															 *_t728 =  *(_t1774 + 0x18) & 0x0000000f;
															__eflags =  *_t728;
															_t947 =  *(_t1774 + 0x10);
															 *(_t1774 + 0x14) = _t947;
														}
														_t1540 =  *(_t1774 + 0x857c);
														__eflags = _t1540 - _t1701;
														if(_t1540 != _t1701) {
															__eflags = _t1540 - 0xf;
															if(_t1540 == 0xf) {
																L0043FE3F(_t1293,  *(_t1774 + 0x8050));
																 *(_t1774 + 0x8050) =  *(_t1774 + 0x8050) & 0x00000000;
																__eflags =  *(_t1774 + 0x8058);
																_t1703 = _t1774 + 0x8058;
																_pop(_t1294);
																if( *(_t1774 + 0x8058) == 0) {
																	L0043FE3F(_t1294,  *(_t1774 + 0x8054));
																}
																 *(_t1774 + 0x8054) =  *(_t1774 + 0x8054) & 0x00000000;
																 *_t1703 =  *_t1703 & 0x00000000;
																_t917 = _t1774 + 4;
																 *_t917 =  *(_t1774 + 4) | 0xffffffff;
																__eflags =  *_t917;
																L287:
																L288:
																if( *(_t1774 + 4) ==  *(_t1774 + 0x8598)) {
																	goto L299;
																}
																_t1180 = _a16;
																goto L5;
															}
															__eflags = _t1540;
															if(_t1540 == 0) {
																 *(_t1774 + 0x8580) = ( *(_t1774 + 0x8588))[4] & 0x0000ffff;
																L243:
																__eflags = _v5;
																_t947 =  *(_t1774 + 0x14);
																if(_v5 == 0) {
																	_t1660 = ( *_t947 & _t1775 |  *_t947 >> 0x00000010) >> 0x00000008 | ( *_t947 << 0x00000010 |  *_t947 & 0x0000ff00) << 0x00000008;
																	__eflags = _t1660;
																} else {
																	_t1660 =  *_t947;
																}
																_t1662 = _t1660 >>  *(_t1774 + 0x18) &  *(_t1774 + 0x8590);
																__eflags = _t1662;
																 *(_t1774 + 0x8594) = _t1662;
																_t1485 =  *(_t1774 + 0x8054) + _t1662 * 8;
																 *(_t1774 + 0x8588) = _t1485;
																_t1486 =  *_t1485 & 0x000000ff;
																 *(_t1774 + 0x857c) = _t1486;
																while(1) {
																	__eflags = _t1486 - _t1701;
																	if(_t1486 <= _t1701) {
																		break;
																	}
																	__eflags =  *(_t1774 + 0x857c) - 0x63;
																	if( *(_t1774 + 0x857c) == 0x63) {
																		goto L307;
																	}
																	__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
																	if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
																		goto L307;
																	}
																	 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + (( *(_t1774 + 0x8588))[1] & 0x000000ff);
																	__eflags =  *(_t1774 + 0x18) - _t1701;
																	if( *(_t1774 + 0x18) >= _t1701) {
																		 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
																		_t798 = _t1774 + 0x18;
																		 *_t798 =  *(_t1774 + 0x18) & 0x0000000f;
																		__eflags =  *_t798;
																		 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
																	}
																	 *(_t1774 + 0x857c) =  *(_t1774 + 0x857c) + 0xfffffff0;
																	__eflags = _v5;
																	_t1678 =  *(_t1774 + 0x857c);
																	_t947 =  *(_t1774 + 0x14);
																	if(_v5 == 0) {
																		_t1761 = (( *_t947 & _t1775 |  *_t947 >> 0x00000010) >> 0x00000008 | ( *_t947 << 0x00000010 |  *_t947 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) &  *(0x4559d4 + _t1678 * 2) & 0x0000ffff;
																		__eflags = _t1761;
																		 *(_t1774 + 0x8594) = _t1761;
																	} else {
																		 *(_t1774 + 0x8594) =  *(0x4559d4 + _t1678 * 2) & 0x0000ffff &  *_t947 >>  *(_t1774 + 0x18);
																	}
																	_t1701 = 0x10;
																	_t1517 = ( *(_t1774 + 0x8588))[4] +  *(_t1774 + 0x8594) * 8;
																	 *(_t1774 + 0x8588) = _t1517;
																	_t1486 =  *_t1517 & 0x000000ff;
																	 *(_t1774 + 0x857c) = _t1486;
																}
																_t947 =  *(_t1774 + 0x14);
																__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
																if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
																	goto L307;
																}
																 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + (( *(_t1774 + 0x8588))[1] & 0x000000ff);
																__eflags =  *(_t1774 + 0x18) - _t1701;
																if( *(_t1774 + 0x18) >= _t1701) {
																	 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
																	_t831 = _t1774 + 0x18;
																	 *_t831 =  *(_t1774 + 0x18) & 0x0000000f;
																	__eflags =  *_t831;
																	 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
																}
																_t947 =  *(_t1774 + 0x14);
																_t1487 =  *((intOrPtr*)(_t1774 + 0x1c));
																__eflags = _t947 - _t1487;
																if(_t947 > _t1487) {
																	goto L307;
																} else {
																	__eflags = _t947 + 2 - _t1487;
																	if(_t947 + 2 < _t1487) {
																		__eflags = _v5;
																		if(_v5 == 0) {
																			_t970 =  *_t947;
																			_t973 =  *(0x4559d4 +  *(_t1774 + 0x857c) * 2) & 0x0000ffff;
																			_t1670 = (( *_t947 & _t1775 |  *_t947 >> 0x00000010) >> 0x00000008 | ( *_t947 << 0x00000010 | _t970 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18);
																			__eflags = _t1670;
																		} else {
																			_t1670 =  *(0x4559d4 +  *(_t1774 + 0x857c) * 2) & 0x0000ffff;
																			_t973 =  *_t947 >>  *(_t1774 + 0x18);
																		}
																		_t1671 = _t1670 & _t973;
																		 *(_t1774 + 0x8594) = _t1671;
																		_t1497 =  *(_t1774 + 0x20) - (( *(_t1774 + 0x8588))[4] & 0x0000ffff) - _t1671;
																		__eflags = _t1497;
																	} else {
																		__eflags = _v5;
																		_t989 =  *(_t1774 + 0x10);
																		if(_v5 == 0) {
																			_t992 = ( *_t989 & 0x0000ffff) >> 0x00000008 | ( *_t989 & 0x0000ffff) << 0x00000008;
																			__eflags = _t992;
																		} else {
																			_t992 =  *_t989 & 0x0000ffff;
																		}
																		_t1677 =  *(0x4559d4 +  *(_t1774 + 0x857c) * 2) & 0x0000ffff & _t992 >>  *(_t1774 + 0x18);
																		 *(_t1774 + 0x8594) = _t1677;
																		_t1497 =  *(_t1774 + 0x20) - (( *(_t1774 + 0x8588))[4] & 0x0000ffff) - _t1677;
																	}
																	 *(_t1774 + 0x8584) = _t1497;
																	 *(_t1774 + 0x18) =  *(_t1774 + 0x18) +  *(_t1774 + 0x857c);
																	__eflags =  *(_t1774 + 0x18) - _t1701;
																	if( *(_t1774 + 0x18) >= _t1701) {
																		 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
																		_t868 = _t1774 + 0x18;
																		 *_t868 =  *(_t1774 + 0x18) & 0x0000000f;
																		__eflags =  *_t868;
																		 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
																	}
																	do {
																		 *(_t1774 + 0x8584) =  *(_t1774 + 0x8584) & 0x00007fff;
																		_t977 =  *(_t1774 + 0x8584);
																		_t1498 =  *(_t1774 + 0x20);
																		__eflags = _t977 - _t1498;
																		if(_t977 <= _t1498) {
																			_t977 = _t1498;
																		}
																		_t1500 = 0x8000 - _t977;
																		_t978 =  *(_t1774 + 0x8580);
																		__eflags = 0x8000 - _t978;
																		 *(_t1774 + 0x857c) = 0x8000;
																		if(0x8000 > _t978) {
																			_t1500 = _t978;
																		}
																		_t979 = _t978 - _t1500;
																		__eflags = _t979;
																		 *(_t1774 + 0x857c) = _t1500;
																		 *(_t1774 + 0x8580) = _t979;
																		do {
																			 *( *(_t1774 + 0x20) + _t1774 + 0x28) =  *((intOrPtr*)( *(_t1774 + 0x8584) + _t1774 + 0x28));
																			 *(_t1774 + 0x20) =  *(_t1774 + 0x20) + 1;
																			 *(_t1774 + 0x8584) =  *(_t1774 + 0x8584) + 1;
																			_t890 = _t1774 + 0x857c;
																			 *_t890 =  *(_t1774 + 0x857c) - 1;
																			__eflags =  *_t890;
																			_t982 =  *(_t1774 + 0x20);
																		} while ( *_t890 != 0);
																		__eflags = _t982 - 0x8000;
																		if(_t982 < 0x8000) {
																			goto L282;
																		}
																		_v4 = _v4 & 0x00000000;
																		_t947 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1774 + 0x802c)))) + 0x10))( &_v4);
																		__eflags = _t947;
																		if(_t947 == 0) {
																			goto L307;
																		}
																		_t947 =  *(_t1774 + 0x24);
																		_t1675 =  *(_t1774 + 0x20) - _t947;
																		__eflags = _v8 - _t1675;
																		if(_v8 < _t1675) {
																			goto L307;
																		}
																		 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1774 + 0x802c)))) + 4))(_t947 + _t1774 + 0x28, _t1675);
																		_t905 = _t1774 + 0x20;
																		 *_t905 =  *(_t1774 + 0x20) & 0x00007fff;
																		__eflags =  *_t905;
																		 *(_t1774 + 0x24) =  *(_t1774 + 0x20);
																		L282:
																		__eflags =  *(_t1774 + 0x8580);
																	} while ( *(_t1774 + 0x8580) != 0);
																	continue;
																}
															}
															_t1519 =  *(_t1774 + 0x14);
															__eflags = _t1519 -  *((intOrPtr*)(_t1774 + 0x1c));
															if(_t1519 >  *((intOrPtr*)(_t1774 + 0x1c))) {
																goto L307;
															}
															__eflags = _v5;
															if(_v5 == 0) {
																_t1006 = (( *_t1519 & _t1775 |  *_t1519 >> 0x00000010) >> 0x00000008 | ( *_t1519 << 0x00000010 |  *_t1519 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) &  *(0x4559d4 + _t1540 * 2) & 0x0000ffff;
																__eflags = _t1006;
															} else {
																_t1006 =  *(0x4559d4 + _t1540 * 2) & 0x0000ffff &  *_t1519 >>  *(_t1774 + 0x18);
															}
															 *(_t1774 + 0x18) =  *(_t1774 + 0x18) +  *(_t1774 + 0x857c);
															__eflags =  *(_t1774 + 0x18) - _t1701;
															 *(_t1774 + 0x8580) = (( *(_t1774 + 0x8588))[4] & 0x0000ffff) + _t1006;
															if( *(_t1774 + 0x18) >= _t1701) {
																 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
																 *(_t1774 + 0x18) =  *(_t1774 + 0x18) & 0x0000000f;
																 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
															}
															goto L243;
														} else {
															L230:
															 *( *(_t1774 + 0x20) + _t1774 + 0x28) = ( *(_t1774 + 0x8588))[4];
															 *(_t1774 + 0x20) =  *(_t1774 + 0x20) + 1;
															__eflags =  *(_t1774 + 0x20) - 0x8000;
															if( *(_t1774 + 0x20) != 0x8000) {
																continue;
															}
															_v4 = 0;
															_t947 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1774 + 0x802c)))) + 0x10))( &_v4);
															__eflags = _t947;
															if(_t947 == 0) {
																goto L307;
															}
															_t1686 =  *(_t1774 + 0x24);
															_t947 =  *(_t1774 + 0x20) - _t1686;
															__eflags = _v8 - _t947;
															if(_v8 < _t947) {
																goto L307;
															}
															 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1774 + 0x802c)))) + 4))(_t1686 + _t1774 + 0x28, _t947);
															 *(_t1774 + 0x20) = 0;
															 *(_t1774 + 0x24) = 0;
															continue;
														}
													}
													__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
													if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
														goto L307;
													}
													 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + (_t1287[1] & 0x000000ff);
													__eflags =  *(_t1774 + 0x18) - 0x10;
													if( *(_t1774 + 0x18) >= 0x10) {
														 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
														 *(_t1774 + 0x18) =  *(_t1774 + 0x18) & 0x0000000f;
														 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
													}
													goto L230;
												}
												_t1021 =  *0x473c00; // 0x7
												 *(_t1774 + 0x858c) =  *(0x4559d4 + _t1021 * 2) & 0x0000ffff;
												_t1023 =  *0x473c04; // 0x5
												 *(_t1774 + 0x8590) =  *(0x4559d4 + _t1023 * 2) & 0x0000ffff;
												while(1) {
													__eflags = _v5;
													_t947 =  *(_t1774 + 0x14);
													if(_v5 == 0) {
														_t1297 =  *_t947;
														_t1544 =  *(_t1774 + 0x858c);
														_t1712 = (( *_t947 & _t1775 |  *_t947 >> 0x00000010) >> 0x00000008 | ( *_t947 << 0x00000010 | _t1297 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) & _t1544;
														__eflags = _t1712;
														 *(_t1774 + 0x8594) = _t1712;
													} else {
														_t1544 =  *(_t1774 + 0x858c);
														 *(_t1774 + 0x8594) =  *_t947 >>  *(_t1774 + 0x18) & _t1544;
													}
													_t1229 =  *0x473bf8; // 0x25b1900
													_t1301 = _t1229 +  *(_t1774 + 0x8594) * 8;
													 *(_t1774 + 0x8588) = _t1301;
													__eflags =  *_t1301 - 0x10;
													if( *_t1301 == 0x10) {
														break;
													}
													__eflags = _v5;
													if(_v5 == 0) {
														_t1720 = (( *_t947 & _t1775 |  *_t947 >> 0x00000010) >> 0x00000008 | ( *_t947 << 0x00000010 |  *_t947 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) & _t1544;
														__eflags = _t1720;
														 *(_t1774 + 0x8594) = _t1720;
													} else {
														 *(_t1774 + 0x8594) =  *_t947 >>  *(_t1774 + 0x18) & _t1544;
													}
													_t1305 =  *(_t1774 + 0x8594);
													_t1545 =  *0x473bf8; // 0x25b1900
													while(1) {
														_t1306 = _t1545 + _t1305 * 8;
														 *(_t1774 + 0x8588) = _t1306;
														_t1307 =  *_t1306 & 0x000000ff;
														__eflags = _t1307 - 0x10;
														 *(_t1774 + 0x857c) = _t1307;
														if(_t1307 <= 0x10) {
															break;
														}
														__eflags = _t1307 - 0x63;
														if(_t1307 == 0x63) {
															goto L307;
														}
														__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
														if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
															goto L307;
														}
														 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + (( *(_t1774 + 0x8588))[1] & 0x000000ff);
														__eflags =  *(_t1774 + 0x18) - 0x10;
														if( *(_t1774 + 0x18) >= 0x10) {
															 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
															_t450 = _t1774 + 0x18;
															 *_t450 =  *(_t1774 + 0x18) & 0x0000000f;
															__eflags =  *_t450;
															 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
														}
														 *(_t1774 + 0x857c) =  *(_t1774 + 0x857c) + 0xfffffff0;
														__eflags = _v5;
														_t1652 =  *(_t1774 + 0x857c);
														_t947 =  *(_t1774 + 0x14);
														if(_v5 == 0) {
															_t1728 = (( *_t947 & _t1775 |  *_t947 >> 0x00000010) >> 0x00000008 | ( *_t947 << 0x00000010 |  *_t947 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) &  *(0x4559d4 + _t1652 * 2) & 0x0000ffff;
															__eflags = _t1728;
															 *(_t1774 + 0x8594) = _t1728;
															_t1692 = _a12;
														} else {
															 *(_t1774 + 0x8594) =  *(0x4559d4 + _t1652 * 2) & 0x0000ffff &  *_t947 >>  *(_t1774 + 0x18);
														}
														_t1305 =  *(_t1774 + 0x8594);
														_t1545 = ( *(_t1774 + 0x8588))[4];
													}
													_t947 =  *(_t1774 + 0x14);
													__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
													if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
														goto L307;
													}
													_t947 = ( *(_t1774 + 0x8588))[1] & 0x000000ff;
													 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + _t947;
													__eflags =  *(_t1774 + 0x18) - 0x10;
													if( *(_t1774 + 0x18) >= 0x10) {
														 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
														_t480 = _t1774 + 0x18;
														 *_t480 =  *(_t1774 + 0x18) & 0x0000000f;
														__eflags =  *_t480;
														_t947 =  *(_t1774 + 0x10);
														 *(_t1774 + 0x14) = _t947;
													}
													_t1546 =  *(_t1774 + 0x857c);
													__eflags = _t1546 - 0x10;
													if(_t1546 != 0x10) {
														__eflags = _t1546 - 0xf;
														if(_t1546 == 0xf) {
															L130:
															 *(_t1774 + 4) =  *(_t1774 + 4) | 0xffffffff;
															goto L288;
														}
														__eflags = _t1546;
														if(_t1546 == 0) {
															 *(_t1774 + 0x8580) = ( *(_t1774 + 0x8588))[4] & 0x0000ffff;
															L170:
															__eflags = _v5;
															_t947 =  *(_t1774 + 0x14);
															if(_v5 == 0) {
																_t1631 = ( *_t947 & _t1775 |  *_t947 >> 0x00000010) >> 0x00000008 | ( *_t947 << 0x00000010 |  *_t947 & 0x0000ff00) << 0x00000008;
																__eflags = _t1631;
															} else {
																_t1631 =  *_t947;
															}
															_t1633 = _t1631 >>  *(_t1774 + 0x18) &  *(_t1774 + 0x8590);
															__eflags = _t1633;
															 *(_t1774 + 0x8594) = _t1633;
															_t1436 = _t1633;
															_t1634 =  *0x473bfc; // 0x25b2a18
															while(1) {
																_t1437 = _t1634 + _t1436 * 8;
																 *(_t1774 + 0x8588) = _t1437;
																_t1438 =  *_t1437 & 0x000000ff;
																__eflags = _t1438 - 0x10;
																 *(_t1774 + 0x857c) = _t1438;
																if(_t1438 <= 0x10) {
																	break;
																}
																__eflags = _t1438 - 0x63;
																if(_t1438 == 0x63) {
																	goto L307;
																}
																__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
																if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
																	goto L307;
																}
																 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + (( *(_t1774 + 0x8588))[1] & 0x000000ff);
																__eflags =  *(_t1774 + 0x18) - 0x10;
																if( *(_t1774 + 0x18) >= 0x10) {
																	 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
																	_t551 = _t1774 + 0x18;
																	 *_t551 =  *(_t1774 + 0x18) & 0x0000000f;
																	__eflags =  *_t551;
																	 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
																}
																 *(_t1774 + 0x857c) =  *(_t1774 + 0x857c) + 0xfffffff0;
																__eflags = _v5;
																_t1646 =  *(_t1774 + 0x857c);
																_t947 =  *(_t1774 + 0x14);
																if(_v5 == 0) {
																	_t1753 = (( *_t947 & _t1775 |  *_t947 >> 0x00000010) >> 0x00000008 | ( *_t947 << 0x00000010 |  *_t947 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) &  *(0x4559d4 + _t1646 * 2) & 0x0000ffff;
																	__eflags = _t1753;
																	 *(_t1774 + 0x8594) = _t1753;
																	_t1692 = _a12;
																} else {
																	 *(_t1774 + 0x8594) =  *(0x4559d4 + _t1646 * 2) & 0x0000ffff &  *_t947 >>  *(_t1774 + 0x18);
																}
																_t1436 =  *(_t1774 + 0x8594);
																_t1634 = ( *(_t1774 + 0x8588))[4];
															}
															_t947 =  *(_t1774 + 0x14);
															__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
															if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
																goto L307;
															}
															 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + (( *(_t1774 + 0x8588))[1] & 0x000000ff);
															__eflags =  *(_t1774 + 0x18) - 0x10;
															if( *(_t1774 + 0x18) >= 0x10) {
																 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
																_t581 = _t1774 + 0x18;
																 *_t581 =  *(_t1774 + 0x18) & 0x0000000f;
																__eflags =  *_t581;
																 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
															}
															_t947 =  *(_t1774 + 0x14);
															__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
															if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
																goto L307;
															} else {
																__eflags = _v5;
																if(_v5 == 0) {
																	_t1030 =  *_t947;
																	_t1033 =  *(0x4559d4 +  *(_t1774 + 0x857c) * 2) & 0x0000ffff;
																	_t1640 = (( *_t947 & _t1775 |  *_t947 >> 0x00000010) >> 0x00000008 | ( *_t947 << 0x00000010 | _t1030 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18);
																	__eflags = _t1640;
																} else {
																	_t1640 =  *(0x4559d4 +  *(_t1774 + 0x857c) * 2) & 0x0000ffff;
																	_t1033 =  *_t947 >>  *(_t1774 + 0x18);
																}
																_t1641 = _t1640 & _t1033;
																 *(_t1774 + 0x8594) = _t1641;
																 *(_t1774 + 0x18) =  *(_t1774 + 0x18) +  *(_t1774 + 0x857c);
																__eflags =  *(_t1774 + 0x18) - 0x10;
																 *(_t1774 + 0x8584) =  *(_t1774 + 0x20) - (( *(_t1774 + 0x8588))[4] & 0x0000ffff) - _t1641;
																if( *(_t1774 + 0x18) >= 0x10) {
																	 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
																	_t607 = _t1774 + 0x18;
																	 *_t607 =  *(_t1774 + 0x18) & 0x0000000f;
																	__eflags =  *_t607;
																	 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
																}
																do {
																	 *(_t1774 + 0x8584) =  *(_t1774 + 0x8584) & 0x00007fff;
																	_t1037 =  *(_t1774 + 0x8584);
																	_t1449 =  *(_t1774 + 0x20);
																	__eflags = _t1037 - _t1449;
																	if(_t1037 <= _t1449) {
																		_t1037 = _t1449;
																	}
																	_t1451 = 0x8000 - _t1037;
																	_t1038 =  *(_t1774 + 0x8580);
																	__eflags = 0x8000 - _t1038;
																	 *(_t1774 + 0x857c) = 0x8000;
																	if(0x8000 > _t1038) {
																		_t1451 = _t1038;
																	}
																	_t1039 = _t1038 - _t1451;
																	__eflags = _t1039;
																	 *(_t1774 + 0x857c) = _t1451;
																	 *(_t1774 + 0x8580) = _t1039;
																	do {
																		 *( *(_t1774 + 0x20) + _t1774 + 0x28) =  *((intOrPtr*)( *(_t1774 + 0x8584) + _t1774 + 0x28));
																		 *(_t1774 + 0x20) =  *(_t1774 + 0x20) + 1;
																		 *(_t1774 + 0x8584) =  *(_t1774 + 0x8584) + 1;
																		_t629 = _t1774 + 0x857c;
																		 *_t629 =  *(_t1774 + 0x857c) - 1;
																		__eflags =  *_t629;
																		_t1042 =  *(_t1774 + 0x20);
																	} while ( *_t629 != 0);
																	__eflags = _t1042 - 0x8000;
																	if(_t1042 < 0x8000) {
																		goto L202;
																	}
																	_v4 = _v4 & 0x00000000;
																	_t947 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1774 + 0x802c)))) + 0x10))( &_v4);
																	__eflags = _t947;
																	if(_t947 == 0) {
																		goto L307;
																	}
																	_t947 =  *(_t1774 + 0x24);
																	_t1645 =  *(_t1774 + 0x20) - _t947;
																	__eflags = _v8 - _t1645;
																	if(_v8 < _t1645) {
																		goto L307;
																	}
																	 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1774 + 0x802c)))) + 4))(_t947 + _t1774 + 0x28, _t1645);
																	_t644 = _t1774 + 0x20;
																	 *_t644 =  *(_t1774 + 0x20) & 0x00007fff;
																	__eflags =  *_t644;
																	 *(_t1774 + 0x24) =  *(_t1774 + 0x20);
																	L202:
																	__eflags =  *(_t1774 + 0x8580);
																} while ( *(_t1774 + 0x8580) != 0);
																continue;
															}
														}
														_t1462 =  *(_t1774 + 0x14);
														__eflags = _t1462 -  *((intOrPtr*)(_t1774 + 0x1c));
														if(_t1462 >  *((intOrPtr*)(_t1774 + 0x1c))) {
															goto L307;
														}
														__eflags = _v5;
														if(_v5 == 0) {
															_t1059 = (( *_t1462 & _t1775 |  *_t1462 >> 0x00000010) >> 0x00000008 | ( *_t1462 << 0x00000010 |  *_t1462 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) &  *(0x4559d4 + _t1546 * 2) & 0x0000ffff;
															__eflags = _t1059;
														} else {
															_t1059 =  *(0x4559d4 + _t1546 * 2) & 0x0000ffff &  *_t1462 >>  *(_t1774 + 0x18);
														}
														 *(_t1774 + 0x18) =  *(_t1774 + 0x18) +  *(_t1774 + 0x857c);
														__eflags =  *(_t1774 + 0x18) - 0x10;
														 *(_t1774 + 0x8580) = (( *(_t1774 + 0x8588))[4] & 0x0000ffff) + _t1059;
														if( *(_t1774 + 0x18) >= 0x10) {
															 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
															 *(_t1774 + 0x18) =  *(_t1774 + 0x18) & 0x0000000f;
															 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
														}
														goto L170;
													} else {
														L157:
														 *( *(_t1774 + 0x20) + _t1774 + 0x28) = ( *(_t1774 + 0x8588))[4];
														 *(_t1774 + 0x20) =  *(_t1774 + 0x20) + 1;
														__eflags =  *(_t1774 + 0x20) - 0x8000;
														if( *(_t1774 + 0x20) != 0x8000) {
															continue;
														}
														_v4 = _v4 & 0x00000000;
														_t947 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1774 + 0x802c)))) + 0x10))( &_v4);
														__eflags = _t947;
														if(_t947 == 0) {
															goto L307;
														}
														_t1548 =  *(_t1774 + 0x24);
														_t947 =  *(_t1774 + 0x20) - _t1548;
														__eflags = _v8 - _t947;
														if(_v8 < _t947) {
															goto L307;
														}
														 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1774 + 0x802c)))) + 4))(_t1548 + _t1774 + 0x28, _t947);
														 *(_t1774 + 0x20) =  *(_t1774 + 0x20) & 0x00000000;
														 *(_t1774 + 0x24) =  *(_t1774 + 0x24) & 0x00000000;
														continue;
													}
												}
												__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
												if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
													goto L307;
												}
												 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + (_t1301[1] & 0x000000ff);
												__eflags =  *(_t1774 + 0x18) - 0x10;
												if( *(_t1774 + 0x18) >= 0x10) {
													 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
													 *(_t1774 + 0x18) =  *(_t1774 + 0x18) & 0x0000000f;
													 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
												}
												goto L157;
											}
											__eflags =  *(_t1774 + 8);
											if( *(_t1774 + 8) <= 0) {
												goto L130;
											} else {
												goto L119;
											}
											while(1) {
												L119:
												_t947 =  *(_t1774 + 0x14);
												__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
												if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
													goto L307;
												}
												__eflags = _v5;
												_t1074 =  *_t947;
												if(_v5 == 0) {
													_t1554 = ((_t1074 & _t1775 | _t1074 >> 0x00000010) >> 0x00000008 | (_t1074 << 0x00000010 | _t1074 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18);
													__eflags = _t1554;
													 *( *(_t1774 + 0x20) + _t1774 + 0x28) = _t1554;
												} else {
													 *( *(_t1774 + 0x20) + _t1774 + 0x28) = _t1074 >>  *(_t1774 + 0x18);
												}
												 *(_t1774 + 0x20) =  *(_t1774 + 0x20) + 1;
												 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + 8;
												__eflags =  *(_t1774 + 0x18) - 0x10;
												_t1077 =  *(_t1774 + 0x20);
												if( *(_t1774 + 0x18) >= 0x10) {
													 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
													_t377 = _t1774 + 0x18;
													 *_t377 =  *(_t1774 + 0x18) & 0x0000000f;
													__eflags =  *_t377;
													 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
												}
												__eflags = _t1077 - 0x8000;
												if(_t1077 < 0x8000) {
													L129:
													_t397 = _t1774 + 8;
													 *_t397 =  *(_t1774 + 8) - 1;
													__eflags =  *_t397;
													if( *_t397 != 0) {
														continue;
													}
													goto L130;
												} else {
													_v4 = _v4 & 0x00000000;
													_t947 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1774 + 0x802c)))) + 0x10))( &_v4);
													__eflags = _t947;
													if(_t947 == 0) {
														goto L307;
													}
													_t947 =  *(_t1774 + 0x24);
													_t1557 =  *(_t1774 + 0x20) - _t947;
													__eflags = _v8 - _t1557;
													if(_v8 < _t1557) {
														goto L307;
													}
													 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1774 + 0x802c)))) + 4))(_t947 + _t1774 + 0x28, _t1557);
													_t393 = _t1774 + 0x20;
													 *_t393 =  *(_t1774 + 0x20) & 0x00007fff;
													__eflags =  *_t393;
													 *(_t1774 + 0x24) =  *(_t1774 + 0x20);
													goto L129;
												}
											}
											goto L307;
										}
										_t947 =  *(_t1774 + 0x14);
										 *(_t1774 + 0x8050) =  *(_t1774 + 0x8050) & 0x00000000;
										__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
										_t1273 = _t1774 + 0x8050;
										if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
											goto L307;
										}
										_t1558 = _v5;
										_t1083 =  *_t947;
										__eflags = _t1558;
										if(_t1558 == 0) {
											_t1736 = (((_t1083 & _t1775 | _t1083 >> 0x00000010) >> 0x00000008 | (_t1083 << 0x00000010 | _t1083 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) & 0x0000001f) + 0x101;
											__eflags = _t1736;
											 *(_t1774 + 0x8068) = _t1736;
										} else {
											 *(_t1774 + 0x8068) = (_t1083 >>  *(_t1774 + 0x18) & 0x0000001f) + 0x101;
										}
										 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + 5;
										__eflags =  *(_t1774 + 0x18) - 0x10;
										if( *(_t1774 + 0x18) >= 0x10) {
											 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
											_t132 = _t1774 + 0x18;
											 *_t132 =  *(_t1774 + 0x18) & 0x0000000f;
											__eflags =  *_t132;
											 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
										}
										_t947 =  *(_t1774 + 0x14);
										__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
										if(_t947 <=  *((intOrPtr*)(_t1774 + 0x1c))) {
											_t1085 =  *_t947;
											__eflags = _t1558;
											if(_t1558 == 0) {
												_t1744 = (((_t1085 & _t1775 | _t1085 >> 0x00000010) >> 0x00000008 | (_t1085 << 0x00000010 | _t1085 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) & 0x0000001f) + 1;
												__eflags = _t1744;
												 *(_t1774 + 0x806c) = _t1744;
											} else {
												 *(_t1774 + 0x806c) = (_t1085 >>  *(_t1774 + 0x18) & 0x0000001f) + 1;
											}
											 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + 5;
											__eflags =  *(_t1774 + 0x18) - 0x10;
											if( *(_t1774 + 0x18) >= 0x10) {
												 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
												_t147 = _t1774 + 0x18;
												 *_t147 =  *(_t1774 + 0x18) & 0x0000000f;
												__eflags =  *_t147;
												 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
											}
											_t947 =  *(_t1774 + 0x14);
											__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
											if(_t947 <=  *((intOrPtr*)(_t1774 + 0x1c))) {
												_t1087 =  *_t947;
												__eflags = _t1558;
												if(_t1558 == 0) {
													_t947 = _t1087 & 0x0000ff00;
													_t1338 =  *(_t1774 + 0x18);
													_t1566 = (((_t1087 & _t1775 | _t1087 >> 0x00000010) >> 0x00000008 | (_t1087 << 0x00000010 | _t947) << 0x00000008) >>  *(_t1774 + 0x18) & 0x0000000f) + 4;
													__eflags = _t1566;
													 *(_t1774 + 0x8064) = _t1566;
												} else {
													_t1338 =  *(_t1774 + 0x18);
													_t947 = (_t1087 >>  *(_t1774 + 0x18) & 0x0000000f) + 4;
													 *(_t1774 + 0x8064) = _t947;
												}
												 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + 4;
												__eflags =  *(_t1774 + 0x18) - 0x10;
												if( *(_t1774 + 0x18) >= 0x10) {
													 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
													_t162 = _t1774 + 0x18;
													 *_t162 =  *(_t1774 + 0x18) & 0x0000000f;
													__eflags =  *_t162;
													_t947 =  *(_t1774 + 0x10);
													 *(_t1774 + 0x14) = _t947;
												}
												__eflags =  *(_t1774 + 0x8068) - 0x120;
												if( *(_t1774 + 0x8068) <= 0x120) {
													__eflags =  *(_t1774 + 0x806c) - 0x20;
													if( *(_t1774 + 0x806c) > 0x20) {
														goto L307;
													}
													E00428C60(_t1774 + 0x8070, 0, 0x4c);
													_t1783 = _t1782 + 0xc;
													__eflags =  *(_t1774 + 0x8064);
													 *(_t1774 + 0x8040) = 0;
													if( *(_t1774 + 0x8064) <= 0) {
														L73:
														_t1746 = _t1774 + 0x805c;
														 *_t1746 = 7;
														_t947 = L0043FE5F(_t1338, _t1774 + 0x8070, 0x13, 0x13, 0, 0, _t1273, _t1746);
														_t1784 = _t1783 + 0x1c;
														 *(_t1774 + 0x803c) = _t947;
														__eflags = _t947;
														if(_t947 != 0) {
															L297:
															__eflags = _t947 - 1;
															if(_t947 != 1) {
																goto L307;
															}
															return L0043FE3F(_t1338,  *(_t1774 + 0x8050));
														}
														__eflags =  *0x473c08 - _t947; // 0x0
														if(__eflags != 0) {
															 *(_t1774 + 0x85dc) = 1;
															return _t947;
														}
														_t1093 =  *(_t1774 + 0x806c) +  *(_t1774 + 0x8068);
														_t1341 =  *_t1746;
														 *(_t1774 + 0x804c) = _t1093;
														_t1338 =  *(0x4559d4 + _t1341 * 2) & 0x0000ffff;
														 *(_t1774 + 0x8044) =  *(_t1774 + 0x8044) & 0x00000000;
														 *(_t1774 + 0x803c) =  *(_t1774 + 0x803c) & 0x00000000;
														__eflags = _t1093;
														 *(_t1774 + 0x8048) =  *(0x4559d4 + _t1341 * 2) & 0x0000ffff;
														if(_t1093 <= 0) {
															L115:
															L0043FE3F(_t1338,  *_t1273);
															 *_t1746 = 9;
															_t947 = L0043FE5F(_t1338, _t1774 + 0x8070,  *(_t1774 + 0x8068), 0x101, 0x4558dc, 0x45591c, _t1273, _t1746);
															_t1785 = _t1784 + 0x20;
															 *(_t1774 + 0x803c) = _t947;
															__eflags = _t947;
															if(_t947 != 0) {
																goto L297;
															}
															 *(_t1774 + 0x8060) = 6;
															_t1100 = L0043FE5F(_t1338, _t1774 + 0x8070 +  *(_t1774 + 0x8068) * 4,  *(_t1774 + 0x806c), 0, 0x45595c, 0x455998, _t1774 + 0x8054, _t1774 + 0x8060);
															 *(_t1774 + 0x8058) =  *(_t1774 + 0x8058) & 0x00000000;
															_t1782 = _t1785 + 0x1c;
															 *(_t1774 + 4) =  *(_t1774 + 4) + 0xa;
															 *(_t1774 + 0x803c) = _t1100;
															goto L287;
														} else {
															goto L76;
														}
														while(1) {
															L76:
															_t947 =  *(_t1774 + 0x14);
															__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
															if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
																goto L307;
															}
															__eflags = _v5;
															_t1101 =  *_t947;
															if(_v5 == 0) {
																_t1595 = ((_t1101 & _t1775 | _t1101 >> 0x00000010) >> 0x00000008 | (_t1101 << 0x00000010 | _t1101 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) &  *(_t1774 + 0x8048);
																__eflags = _t1595;
																 *(_t1774 + 0x85a4) = _t1595;
															} else {
																 *(_t1774 + 0x85a4) = _t1101 >>  *(_t1774 + 0x18) &  *(_t1774 + 0x8048);
															}
															 *(_t1774 + 0x8058) = 1;
															_t1104 =  *_t1273 +  *(_t1774 + 0x85a4) * 8;
															 *(_t1774 + 0x8054) = _t1104;
															_t1396 =  *(_t1104 + 1) & 0x000000ff;
															 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + _t1396;
															__eflags =  *(_t1774 + 0x18) - 0x10;
															 *(_t1774 + 0x8040) = _t1396;
															if( *(_t1774 + 0x18) >= 0x10) {
																 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
																_t235 = _t1774 + 0x18;
																 *_t235 =  *(_t1774 + 0x18) & 0x0000000f;
																__eflags =  *_t235;
																 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
															}
															_t1105 =  *(_t1104 + 4) & 0x0000ffff;
															__eflags = _t1105 - 0x10;
															 *(_t1774 + 0x8570) = _t1105;
															if(__eflags >= 0) {
																if(__eflags != 0) {
																	__eflags = _t1105 - 0x11;
																	_t947 =  *(_t1774 + 0x14);
																	if(_t1105 != 0x11) {
																		__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
																		if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
																			goto L307;
																		}
																		__eflags = _v5;
																		_t1106 =  *_t947;
																		if(_v5 == 0) {
																			_t1603 = (((_t1106 & _t1775 | _t1106 >> 0x00000010) >> 0x00000008 | (_t1106 << 0x00000010 | _t1106 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) & 0x0000007f) + 0xb;
																			__eflags = _t1603;
																			 *(_t1774 + 0x8578) = _t1603;
																		} else {
																			 *(_t1774 + 0x8578) = (_t1106 >>  *(_t1774 + 0x18) & 0x0000007f) + 0xb;
																		}
																		 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + 7;
																		__eflags =  *(_t1774 + 0x18) - 0x10;
																		if( *(_t1774 + 0x18) >= 0x10) {
																			 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
																			_t319 = _t1774 + 0x18;
																			 *_t319 =  *(_t1774 + 0x18) & 0x0000000f;
																			__eflags =  *_t319;
																			 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
																		}
																		_t947 =  *(_t1774 + 0x8578);
																		__eflags =  *(_t1774 + 0x803c) + _t947 -  *(_t1774 + 0x804c);
																		if( *(_t1774 + 0x803c) + _t947 >  *(_t1774 + 0x804c)) {
																			goto L307;
																		} else {
																			while(1) {
																				_t1338 = _t947 - 1;
																				__eflags = _t947;
																				 *(_t1774 + 0x8578) = _t947 - 1;
																				if(_t947 == 0) {
																					break;
																				}
																				 *(_t1774 + 0x8070 +  *(_t1774 + 0x803c) * 4) =  *(_t1774 + 0x8070 +  *(_t1774 + 0x803c) * 4) & 0x00000000;
																				 *(_t1774 + 0x803c) =  *(_t1774 + 0x803c) + 1;
																				_t947 =  *(_t1774 + 0x8578);
																			}
																			L113:
																			_t338 = _t1774 + 0x8044;
																			 *_t338 =  *(_t1774 + 0x8044) & 0x00000000;
																			__eflags =  *_t338;
																			goto L114;
																		}
																	}
																	__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
																	if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
																		goto L307;
																	}
																	__eflags = _v5;
																	_t1114 =  *_t947;
																	if(_v5 == 0) {
																		_t1611 = (((_t1114 & _t1775 | _t1114 >> 0x00000010) >> 0x00000008 | (_t1114 << 0x00000010 | _t1114 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) & 0x00000007) + 3;
																		__eflags = _t1611;
																		 *(_t1774 + 0x8578) = _t1611;
																	} else {
																		 *(_t1774 + 0x8578) = (_t1114 >>  *(_t1774 + 0x18) & 0x00000007) + 3;
																	}
																	 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + 3;
																	__eflags =  *(_t1774 + 0x18) - 0x10;
																	if( *(_t1774 + 0x18) >= 0x10) {
																		 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
																		_t289 = _t1774 + 0x18;
																		 *_t289 =  *(_t1774 + 0x18) & 0x0000000f;
																		__eflags =  *_t289;
																		 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
																	}
																	_t947 =  *(_t1774 + 0x8578);
																	__eflags =  *(_t1774 + 0x803c) + _t947 -  *(_t1774 + 0x804c);
																	if( *(_t1774 + 0x803c) + _t947 >  *(_t1774 + 0x804c)) {
																		goto L307;
																	} else {
																		while(1) {
																			_t1338 = _t947 - 1;
																			__eflags = _t947;
																			 *(_t1774 + 0x8578) = _t947 - 1;
																			if(_t947 == 0) {
																				goto L113;
																			}
																			 *(_t1774 + 0x8070 +  *(_t1774 + 0x803c) * 4) =  *(_t1774 + 0x8070 +  *(_t1774 + 0x803c) * 4) & 0x00000000;
																			 *(_t1774 + 0x803c) =  *(_t1774 + 0x803c) + 1;
																			_t947 =  *(_t1774 + 0x8578);
																		}
																		goto L113;
																	}
																}
																_t947 =  *(_t1774 + 0x14);
																__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
																if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
																	goto L307;
																}
																__eflags = _v5;
																_t1121 =  *_t947;
																if(_v5 == 0) {
																	_t1619 = (((_t1121 & _t1775 | _t1121 >> 0x00000010) >> 0x00000008 | (_t1121 << 0x00000010 | _t1121 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) & 0x00000003) + 3;
																	__eflags = _t1619;
																	 *(_t1774 + 0x8574) = _t1619;
																} else {
																	 *(_t1774 + 0x8574) = (_t1121 >>  *(_t1774 + 0x18) & 0x00000003) + 3;
																}
																 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + 2;
																__eflags =  *(_t1774 + 0x18) - 0x10;
																if( *(_t1774 + 0x18) >= 0x10) {
																	 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
																	_t260 = _t1774 + 0x18;
																	 *_t260 =  *(_t1774 + 0x18) & 0x0000000f;
																	__eflags =  *_t260;
																	 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
																}
																_t947 =  *(_t1774 + 0x8574);
																__eflags =  *(_t1774 + 0x803c) + _t947 -  *(_t1774 + 0x804c);
																if( *(_t1774 + 0x803c) + _t947 >  *(_t1774 + 0x804c)) {
																	goto L307;
																} else {
																	while(1) {
																		_t1338 = _t947 - 1;
																		__eflags = _t947;
																		 *(_t1774 + 0x8574) = _t947 - 1;
																		if(_t947 == 0) {
																			goto L114;
																		}
																		 *(_t1774 + 0x8070 +  *(_t1774 + 0x803c) * 4) =  *(_t1774 + 0x8044);
																		 *(_t1774 + 0x803c) =  *(_t1774 + 0x803c) + 1;
																		_t947 =  *(_t1774 + 0x8574);
																	}
																	goto L114;
																}
															} else {
																_t1338 =  *(_t1774 + 0x803c);
																 *(_t1774 + 0x8044) = _t1105;
																 *(_t1774 + 0x8070 +  *(_t1774 + 0x803c) * 4) = _t1105;
																 *(_t1774 + 0x803c) =  *(_t1774 + 0x803c) + 1;
																L114:
																__eflags =  *(_t1774 + 0x803c) -  *(_t1774 + 0x804c);
																if( *(_t1774 + 0x803c) <  *(_t1774 + 0x804c)) {
																	continue;
																}
																goto L115;
															}
														}
														goto L307;
													} else {
														goto L66;
													}
													while(1) {
														L66:
														_t947 =  *(_t1774 + 0x14);
														__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
														if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
															goto L307;
														}
														__eflags = _v5;
														_t1130 =  *_t947;
														if(_v5 == 0) {
															_t1338 =  *(_t1774 + 0x18);
															_t1626 = ((_t1130 & _t1775 | _t1130 >> 0x00000010) >> 0x00000008 | (_t1130 << 0x00000010 | _t1130 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) & 0x00000007;
															__eflags = _t1626;
															 *(_t1774 + 0x8070 +  *(0x455890 +  *(_t1774 + 0x8040) * 4) * 4) = _t1626;
														} else {
															_t1338 =  *(0x455890 +  *(_t1774 + 0x8040) * 4);
															 *(_t1774 + 0x8070 +  *(0x455890 +  *(_t1774 + 0x8040) * 4) * 4) = _t1130 >>  *(_t1774 + 0x18) & 0x00000007;
														}
														 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + 3;
														__eflags =  *(_t1774 + 0x18) - 0x10;
														if( *(_t1774 + 0x18) >= 0x10) {
															 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
															_t193 = _t1774 + 0x18;
															 *_t193 =  *(_t1774 + 0x18) & 0x0000000f;
															__eflags =  *_t193;
															 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
														}
														 *(_t1774 + 0x8040) =  *(_t1774 + 0x8040) + 1;
														__eflags =  *(_t1774 + 0x8040) -  *(_t1774 + 0x8064);
														if( *(_t1774 + 0x8040) <  *(_t1774 + 0x8064)) {
															continue;
														} else {
															goto L73;
														}
													}
												}
											}
										}
										goto L307;
									}
									 *(_t1774 + 4) = 0xb;
									goto L288;
								}
								_t947 =  *(_t1774 + 0x14);
								__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
								if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
									goto L307;
								}
								_t1148 = 8;
								_t1149 = _t1148 - ( *(_t1774 + 0x18) & 0x00000007);
								__eflags = _t1149 - 8;
								 *(_t1774 + 0x8034) = _t1149;
								if(_t1149 < 8) {
									 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + _t1149;
									__eflags =  *(_t1774 + 0x18) - 0x10;
									if( *(_t1774 + 0x18) >= 0x10) {
										 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
										_t65 = _t1774 + 0x18;
										 *_t65 =  *(_t1774 + 0x18) & 0x0000000f;
										__eflags =  *_t65;
										 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
									}
								}
								_t947 =  *(_t1774 + 0x14);
								__eflags = _t947 -  *((intOrPtr*)(_t1774 + 0x1c));
								if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
									goto L307;
								} else {
									__eflags = _v5;
									_t1150 =  *_t947;
									if(_v5 == 0) {
										 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + 0x10;
										__eflags =  *(_t1774 + 0x18) - 0x10;
										 *(_t1774 + 0x8034) = ((_t1150 & _t1775 | _t1150 >> 0x00000010) >> 0x00000008 | (_t1150 << 0x00000010 | _t1150 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) & 0x0000ffff;
										if( *(_t1774 + 0x18) >= 0x10) {
											 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
											_t93 = _t1774 + 0x18;
											 *_t93 =  *(_t1774 + 0x18) & 0x0000000f;
											__eflags =  *_t93;
											 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
										}
										_t1574 =  *(_t1774 + 0x14);
										_t1279 = (( *_t1574 & _t1775 |  *_t1574 >> 0x00000010) >> 0x00000008 | ( *_t1574 << 0x00000010 |  *_t1574 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18);
										__eflags = _t1279;
										 *(_t1774 + 0x8038) = _t1279;
									} else {
										 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + 0x10;
										__eflags =  *(_t1774 + 0x18) - 0x10;
										 *(_t1774 + 0x8034) = _t1150 >>  *(_t1774 + 0x18) & 0x0000ffff;
										if( *(_t1774 + 0x18) >= 0x10) {
											 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
											_t79 = _t1774 + 0x18;
											 *_t79 =  *(_t1774 + 0x18) & 0x0000000f;
											__eflags =  *_t79;
											 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
										}
										_t1574 =  *(_t1774 + 0x14);
										 *(_t1774 + 0x8038) =  *_t1574 >>  *(_t1774 + 0x18);
									}
									_t947 =  !( *(_t1774 + 0x8038)) & 0x0000ffff;
									__eflags =  *(_t1774 + 0x8034) - _t947;
									if( *(_t1774 + 0x8034) != _t947) {
										goto L307;
									} else {
										__eflags = _t1574 -  *((intOrPtr*)(_t1774 + 0x1c));
										if(_t1574 >  *((intOrPtr*)(_t1774 + 0x1c))) {
											goto L307;
										}
										 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + 0x10;
										__eflags =  *(_t1774 + 0x18) - 0x10;
										if( *(_t1774 + 0x18) >= 0x10) {
											 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
											_t108 = _t1774 + 0x18;
											 *_t108 =  *(_t1774 + 0x18) & 0x0000000f;
											__eflags =  *_t108;
											 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
										}
										 *(_t1774 + 4) =  *(_t1774 + 4) + 0xa;
										 *(_t1774 + 8) =  *(_t1774 + 0x8034);
										goto L288;
									}
								}
							}
							_t947 =  *(_t1774 + 0x14);
							if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
								__eflags = _t1180;
								if(_t1180 == 0) {
									goto L307;
								}
								_t948 =  *_t1692;
								_push("return_1");
								goto L306;
							}
							_t1165 =  *_t947;
							if(_v5 == 0) {
								_t1581 = ((_t1165 & _t1775 | _t1165 >> 0x00000010) >> 0x00000008 | (_t1165 << 0x00000010 | _t1165 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) & 0x00000001;
								__eflags = _t1581;
								 *(_t1774 + 0x859c) = _t1581;
							} else {
								 *(_t1774 + 0x859c) = _t1165 >>  *(_t1774 + 0x18) & 0x00000001;
							}
							 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + 1;
							if( *(_t1774 + 0x18) >= 0x10) {
								 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
								 *(_t1774 + 0x18) =  *(_t1774 + 0x18) & 0x0000000f;
								 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
							}
							_t947 =  *(_t1774 + 0x14);
							if(_t947 >  *((intOrPtr*)(_t1774 + 0x1c))) {
								__eflags = _t1180;
								if(_t1180 == 0) {
									goto L307;
								}
								_t948 =  *_t1692;
								_push("return_2");
								goto L306;
							} else {
								_t1167 =  *_t947;
								if(_v5 == 0) {
									_t1588 = ((_t1167 & _t1775 | _t1167 >> 0x00000010) >> 0x00000008 | (_t1167 << 0x00000010 | _t1167 & 0x0000ff00) << 0x00000008) >>  *(_t1774 + 0x18) & 0x00000003;
									__eflags = _t1588;
									 *(_t1774 + 0x85a0) = _t1588;
								} else {
									 *(_t1774 + 0x85a0) = _t1167 >>  *(_t1774 + 0x18) & 0x00000003;
								}
								 *(_t1774 + 0x18) =  *(_t1774 + 0x18) + 2;
								if( *(_t1774 + 0x18) >= 0x10) {
									 *(_t1774 + 0x10) =  *(_t1774 + 0x10) + 2;
									 *(_t1774 + 0x18) =  *(_t1774 + 0x18) & 0x0000000f;
									 *(_t1774 + 0x14) =  *(_t1774 + 0x10);
								}
								_t947 =  *(_t1774 + 0x85a0);
								if(_t947 > 2) {
									__eflags = _t1180;
									if(_t1180 == 0) {
										goto L307;
									}
									 *((intOrPtr*)( *_t1692 + 0x2c))("inflateBuffer_blockType",  *(_t1774 + 0x85a0));
									_t948 =  *_t1692;
									_push("return_3");
									goto L306;
								} else {
									 *(_t1774 + 4) = _t947;
									 *(_t1774 + 0xc) =  *(_t1774 + 0x859c);
									goto L288;
								}
							}
						} else {
							L299:
							_t947 =  *(_t1774 + 0x20);
							__eflags = _t947 -  *(_t1774 + 0x24);
							if(_t947 >  *(_t1774 + 0x24)) {
								L301:
								_v4 = _v4 & 0x00000000;
								_t947 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1774 + 0x802c)))) + 0x10))( &_v4);
								__eflags = _t947;
								if(_t947 == 0) {
									goto L307;
								}
								_t947 =  *(_t1774 + 0x24);
								_t1543 =  *(_t1774 + 0x20) - _t947;
								__eflags = _v8 - _t1543;
								if(_v8 < _t1543) {
									goto L307;
								}
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1774 + 0x802c)))) + 4))(_t947 + _t1774 + 0x28, _t1543);
								 *(_t1774 + 0x20) =  *(_t1774 + 0x20) & 0x00007fff;
								_t962 =  *(_t1774 + 0x20);
								 *(_t1774 + 0x24) = _t962;
								return _t962;
							}
							__eflags = _t947 - 0x8000;
							if(_t947 < 0x8000) {
								goto L307;
							}
							goto L301;
						}
					}
				}
			}







































































































































                    0x0043c42d
                    0x0043c434
                    0x0043c43a
                    0x0043c43c
                    0x0043c447
                    0x0043c447
                    0x0043c44a
                    0x0043c44f
                    0x0043c456
                    0x0043c45a
                    0x0043c460
                    0x0043db80
                    0x0043db80
                    0x0043db82
                    0x0043db96
                    0x0043db96
                    0x0043db96
                    0x0043db84
                    0x0043db86
                    0x0043db8b
                    0x00000000
                    0x0043db8d
                    0x0043c466
                    0x0043c46c
                    0x00000000
                    0x0043c472
                    0x0043c472
                    0x0043c477
                    0x0043c47a
                    0x0043c47f
                    0x0043c482
                    0x00000000
                    0x0043c487
                    0x0043c487
                    0x0043c489
                    0x0043c497
                    0x0043c497
                    0x0043c49a
                    0x0043c4a0
                    0x0043c4ac
                    0x0043c4b2
                    0x0043c4b8
                    0x0043c5b1
                    0x0043c5b3
                    0x0043c704
                    0x0043c707
                    0x0043c715
                    0x0043c718
                    0x0043cd6d
                    0x0043cd70
                    0x0043ce52
                    0x0043ce55
                    0x0043d43b
                    0x0043d43e
                    0x00000000
                    0x00000000
                    0x0043d452
                    0x0043d466
                    0x0043d46c
                    0x0043d46c
                    0x0043d471
                    0x0043d474
                    0x0043d480
                    0x0043d482
                    0x0043d4a6
                    0x0043d4a6
                    0x0043d476
                    0x0043d476
                    0x0043d47c
                    0x0043d47c
                    0x0043d4af
                    0x0043d4b5
                    0x0043d4c1
                    0x0043d4c4
                    0x0043d4ca
                    0x0043d4cd
                    0x00000000
                    0x00000000
                    0x0043d4fc
                    0x0043d501
                    0x0043d537
                    0x0043d539
                    0x0043d540
                    0x0043d540
                    0x0043d542
                    0x0043d503
                    0x0043d50c
                    0x0043d50c
                    0x0043d54e
                    0x0043d551
                    0x0043d551
                    0x0043d559
                    0x0043d55c
                    0x0043d55d
                    0x0043d563
                    0x0043d565
                    0x00000000
                    0x00000000
                    0x0043d56b
                    0x0043d56e
                    0x00000000
                    0x00000000
                    0x0043d574
                    0x0043d577
                    0x00000000
                    0x00000000
                    0x0043d587
                    0x0043d58a
                    0x0043d58d
                    0x0043d58f
                    0x0043d593
                    0x0043d593
                    0x0043d593
                    0x0043d59a
                    0x0043d59a
                    0x0043d59d
                    0x0043d5a4
                    0x0043d5a9
                    0x0043d5af
                    0x0043d5b2
                    0x0043d5fc
                    0x0043d5fc
                    0x0043d5fe
                    0x0043d5b4
                    0x0043d5c5
                    0x0043d5c5
                    0x0043d613
                    0x0043d613
                    0x0043d61b
                    0x0043d61e
                    0x0043d621
                    0x00000000
                    0x00000000
                    0x0043d62d
                    0x0043d631
                    0x0043d634
                    0x0043d637
                    0x0043d639
                    0x0043d63d
                    0x0043d63d
                    0x0043d63d
                    0x0043d641
                    0x0043d644
                    0x0043d644
                    0x0043d647
                    0x0043d64d
                    0x0043d64f
                    0x0043d6bd
                    0x0043d6c0
                    0x0043da79
                    0x0043da7e
                    0x0043da81
                    0x0043da88
                    0x0043da8e
                    0x0043da8f
                    0x0043da97
                    0x0043da9c
                    0x0043da9d
                    0x0043daa4
                    0x0043daa7
                    0x0043daa7
                    0x0043daa7
                    0x0043daab
                    0x0043daaf
                    0x0043dab8
                    0x00000000
                    0x00000000
                    0x0043daba
                    0x00000000
                    0x0043daba
                    0x0043d6c6
                    0x0043d6c8
                    0x0043d75f
                    0x0043d765
                    0x0043d765
                    0x0043d76a
                    0x0043d76d
                    0x0043d793
                    0x0043d793
                    0x0043d76f
                    0x0043d76f
                    0x0043d76f
                    0x0043d79a
                    0x0043d79a
                    0x0043d7a0
                    0x0043d7ae
                    0x0043d7b1
                    0x0043d7b7
                    0x0043d7ba
                    0x0043d7c0
                    0x0043d7c0
                    0x0043d7c2
                    0x00000000
                    0x00000000
                    0x0043d7c8
                    0x0043d7cf
                    0x00000000
                    0x00000000
                    0x0043d7d5
                    0x0043d7d8
                    0x00000000
                    0x00000000
                    0x0043d7e8
                    0x0043d7eb
                    0x0043d7ee
                    0x0043d7f0
                    0x0043d7f4
                    0x0043d7f4
                    0x0043d7f4
                    0x0043d7fb
                    0x0043d7fb
                    0x0043d7fe
                    0x0043d805
                    0x0043d80a
                    0x0043d810
                    0x0043d813
                    0x0043d85d
                    0x0043d85d
                    0x0043d85f
                    0x0043d815
                    0x0043d826
                    0x0043d826
                    0x0043d876
                    0x0043d877
                    0x0043d87a
                    0x0043d880
                    0x0043d883
                    0x0043d883
                    0x0043d88e
                    0x0043d891
                    0x0043d894
                    0x00000000
                    0x00000000
                    0x0043d8a4
                    0x0043d8a7
                    0x0043d8aa
                    0x0043d8ac
                    0x0043d8b0
                    0x0043d8b0
                    0x0043d8b0
                    0x0043d8b7
                    0x0043d8b7
                    0x0043d8ba
                    0x0043d8bd
                    0x0043d8c0
                    0x0043d8c2
                    0x00000000
                    0x0043d8c8
                    0x0043d8cb
                    0x0043d8cd
                    0x0043d919
                    0x0043d91e
                    0x0043d937
                    0x0043d959
                    0x0043d969
                    0x0043d969
                    0x0043d920
                    0x0043d928
                    0x0043d933
                    0x0043d933
                    0x0043d96e
                    0x0043d976
                    0x0043d982
                    0x0043d982
                    0x0043d8cf
                    0x0043d8cf
                    0x0043d8d4
                    0x0043d8d7
                    0x0043d8e9
                    0x0043d8e9
                    0x0043d8d9
                    0x0043d8d9
                    0x0043d8d9
                    0x0043d901
                    0x0043d909
                    0x0043d915
                    0x0043d915
                    0x0043d98a
                    0x0043d990
                    0x0043d993
                    0x0043d996
                    0x0043d998
                    0x0043d99c
                    0x0043d99c
                    0x0043d99c
                    0x0043d9a3
                    0x0043d9a3
                    0x0043d9ab
                    0x0043d9ab
                    0x0043d9b1
                    0x0043d9b7
                    0x0043d9ba
                    0x0043d9bc
                    0x0043d9be
                    0x0043d9be
                    0x0043d9c7
                    0x0043d9c9
                    0x0043d9cf
                    0x0043d9d1
                    0x0043d9d7
                    0x0043d9d9
                    0x0043d9d9
                    0x0043d9db
                    0x0043d9db
                    0x0043d9dd
                    0x0043d9e3
                    0x0043d9e9
                    0x0043d9f6
                    0x0043d9fa
                    0x0043d9fd
                    0x0043da03
                    0x0043da03
                    0x0043da03
                    0x0043da09
                    0x0043da09
                    0x0043da0e
                    0x0043da10
                    0x00000000
                    0x00000000
                    0x0043da18
                    0x0043da24
                    0x0043da27
                    0x0043da29
                    0x00000000
                    0x00000000
                    0x0043da2f
                    0x0043da35
                    0x0043da37
                    0x0043da3b
                    0x00000000
                    0x00000000
                    0x0043da4f
                    0x0043da52
                    0x0043da52
                    0x0043da52
                    0x0043da58
                    0x0043da5b
                    0x0043da5b
                    0x0043da5b
                    0x00000000
                    0x0043da68
                    0x0043d8c2
                    0x0043d6ce
                    0x0043d6d1
                    0x0043d6d4
                    0x00000000
                    0x00000000
                    0x0043d6da
                    0x0043d6df
                    0x0043d723
                    0x0043d723
                    0x0043d6e1
                    0x0043d6f0
                    0x0043d6f0
                    0x0043d737
                    0x0043d73a
                    0x0043d73d
                    0x0043d743
                    0x0043d745
                    0x0043d749
                    0x0043d750
                    0x0043d750
                    0x00000000
                    0x0043d651
                    0x0043d651
                    0x0043d65d
                    0x0043d661
                    0x0043d664
                    0x0043d66b
                    0x00000000
                    0x00000000
                    0x0043d679
                    0x0043d684
                    0x0043d687
                    0x0043d689
                    0x00000000
                    0x00000000
                    0x0043d68f
                    0x0043d695
                    0x0043d697
                    0x0043d69b
                    0x00000000
                    0x00000000
                    0x0043d6af
                    0x0043d6b2
                    0x0043d6b5
                    0x00000000
                    0x0043d6b5
                    0x0043d64f
                    0x0043d4cf
                    0x0043d4d2
                    0x00000000
                    0x00000000
                    0x0043d4dc
                    0x0043d4df
                    0x0043d4e3
                    0x0043d4e9
                    0x0043d4ed
                    0x0043d4f4
                    0x0043d4f4
                    0x00000000
                    0x0043d4e3
                    0x0043ce5b
                    0x0043ce68
                    0x0043ce6e
                    0x0043ce7b
                    0x0043ce81
                    0x0043ce81
                    0x0043ce86
                    0x0043ce89
                    0x0043cea2
                    0x0043cea4
                    0x0043cecf
                    0x0043cecf
                    0x0043ced1
                    0x0043ce8b
                    0x0043ce90
                    0x0043ce9a
                    0x0043ce9a
                    0x0043cee1
                    0x0043cee7
                    0x0043ceea
                    0x0043cef0
                    0x0043cef3
                    0x00000000
                    0x00000000
                    0x0043cf22
                    0x0043cf27
                    0x0043cf61
                    0x0043cf61
                    0x0043cf63
                    0x0043cf29
                    0x0043cf32
                    0x0043cf32
                    0x0043cf6d
                    0x0043cf73
                    0x0043cf79
                    0x0043cf79
                    0x0043cf7c
                    0x0043cf82
                    0x0043cf85
                    0x0043cf88
                    0x0043cf8e
                    0x00000000
                    0x00000000
                    0x0043cf94
                    0x0043cf97
                    0x00000000
                    0x00000000
                    0x0043cf9d
                    0x0043cfa0
                    0x00000000
                    0x00000000
                    0x0043cfb0
                    0x0043cfb3
                    0x0043cfb7
                    0x0043cfb9
                    0x0043cfbd
                    0x0043cfbd
                    0x0043cfbd
                    0x0043cfc4
                    0x0043cfc4
                    0x0043cfc7
                    0x0043cfce
                    0x0043cfd3
                    0x0043cfd9
                    0x0043cfdc
                    0x0043d026
                    0x0043d026
                    0x0043d028
                    0x0043d02e
                    0x0043cfde
                    0x0043cfef
                    0x0043cfef
                    0x0043d038
                    0x0043d03e
                    0x0043d03e
                    0x0043d046
                    0x0043d049
                    0x0043d04c
                    0x00000000
                    0x00000000
                    0x0043d058
                    0x0043d05c
                    0x0043d05f
                    0x0043d063
                    0x0043d065
                    0x0043d069
                    0x0043d069
                    0x0043d069
                    0x0043d06d
                    0x0043d070
                    0x0043d070
                    0x0043d073
                    0x0043d079
                    0x0043d07c
                    0x0043d0eb
                    0x0043d0ee
                    0x0043ce49
                    0x0043ce49
                    0x00000000
                    0x0043ce49
                    0x0043d0f4
                    0x0043d0f6
                    0x0043d18e
                    0x0043d194
                    0x0043d194
                    0x0043d199
                    0x0043d19c
                    0x0043d1c2
                    0x0043d1c2
                    0x0043d19e
                    0x0043d19e
                    0x0043d19e
                    0x0043d1c9
                    0x0043d1c9
                    0x0043d1cf
                    0x0043d1d5
                    0x0043d1d7
                    0x0043d1dd
                    0x0043d1dd
                    0x0043d1e0
                    0x0043d1e6
                    0x0043d1e9
                    0x0043d1ec
                    0x0043d1f2
                    0x00000000
                    0x00000000
                    0x0043d1f8
                    0x0043d1fb
                    0x00000000
                    0x00000000
                    0x0043d201
                    0x0043d204
                    0x00000000
                    0x00000000
                    0x0043d214
                    0x0043d217
                    0x0043d21b
                    0x0043d21d
                    0x0043d221
                    0x0043d221
                    0x0043d221
                    0x0043d228
                    0x0043d228
                    0x0043d22b
                    0x0043d232
                    0x0043d237
                    0x0043d23d
                    0x0043d240
                    0x0043d28a
                    0x0043d28a
                    0x0043d28c
                    0x0043d292
                    0x0043d242
                    0x0043d253
                    0x0043d253
                    0x0043d29c
                    0x0043d2a2
                    0x0043d2a2
                    0x0043d2aa
                    0x0043d2ad
                    0x0043d2b0
                    0x00000000
                    0x00000000
                    0x0043d2c0
                    0x0043d2c3
                    0x0043d2c7
                    0x0043d2c9
                    0x0043d2cd
                    0x0043d2cd
                    0x0043d2cd
                    0x0043d2d4
                    0x0043d2d4
                    0x0043d2d7
                    0x0043d2da
                    0x0043d2dd
                    0x00000000
                    0x0043d2e3
                    0x0043d2e3
                    0x0043d2e8
                    0x0043d301
                    0x0043d323
                    0x0043d333
                    0x0043d333
                    0x0043d2ea
                    0x0043d2f2
                    0x0043d2fd
                    0x0043d2fd
                    0x0043d338
                    0x0043d340
                    0x0043d352
                    0x0043d357
                    0x0043d35b
                    0x0043d361
                    0x0043d363
                    0x0043d367
                    0x0043d367
                    0x0043d367
                    0x0043d36e
                    0x0043d36e
                    0x0043d371
                    0x0043d371
                    0x0043d37b
                    0x0043d381
                    0x0043d384
                    0x0043d386
                    0x0043d388
                    0x0043d388
                    0x0043d391
                    0x0043d393
                    0x0043d399
                    0x0043d39b
                    0x0043d3a1
                    0x0043d3a3
                    0x0043d3a3
                    0x0043d3a5
                    0x0043d3a5
                    0x0043d3a7
                    0x0043d3ad
                    0x0043d3b3
                    0x0043d3c0
                    0x0043d3c4
                    0x0043d3c7
                    0x0043d3cd
                    0x0043d3cd
                    0x0043d3cd
                    0x0043d3d3
                    0x0043d3d3
                    0x0043d3d8
                    0x0043d3da
                    0x00000000
                    0x00000000
                    0x0043d3e2
                    0x0043d3ee
                    0x0043d3f1
                    0x0043d3f3
                    0x00000000
                    0x00000000
                    0x0043d3f9
                    0x0043d3ff
                    0x0043d401
                    0x0043d405
                    0x00000000
                    0x00000000
                    0x0043d419
                    0x0043d41c
                    0x0043d41c
                    0x0043d41c
                    0x0043d426
                    0x0043d429
                    0x0043d429
                    0x0043d429
                    0x00000000
                    0x0043d436
                    0x0043d2dd
                    0x0043d0fc
                    0x0043d0ff
                    0x0043d102
                    0x00000000
                    0x00000000
                    0x0043d108
                    0x0043d10d
                    0x0043d151
                    0x0043d151
                    0x0043d10f
                    0x0043d11e
                    0x0043d11e
                    0x0043d165
                    0x0043d168
                    0x0043d16c
                    0x0043d172
                    0x0043d174
                    0x0043d178
                    0x0043d17f
                    0x0043d17f
                    0x00000000
                    0x0043d07e
                    0x0043d07e
                    0x0043d08a
                    0x0043d08e
                    0x0043d091
                    0x0043d098
                    0x00000000
                    0x00000000
                    0x0043d0a4
                    0x0043d0b0
                    0x0043d0b3
                    0x0043d0b5
                    0x00000000
                    0x00000000
                    0x0043d0bb
                    0x0043d0c1
                    0x0043d0c3
                    0x0043d0c7
                    0x00000000
                    0x00000000
                    0x0043d0db
                    0x0043d0de
                    0x0043d0e2
                    0x00000000
                    0x0043d0e2
                    0x0043d07c
                    0x0043cef5
                    0x0043cef8
                    0x00000000
                    0x00000000
                    0x0043cf02
                    0x0043cf05
                    0x0043cf09
                    0x0043cf0f
                    0x0043cf13
                    0x0043cf1a
                    0x0043cf1a
                    0x00000000
                    0x0043cf09
                    0x0043cd76
                    0x0043cd7a
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0043cd80
                    0x0043cd80
                    0x0043cd80
                    0x0043cd83
                    0x0043cd86
                    0x00000000
                    0x00000000
                    0x0043cd8c
                    0x0043cd91
                    0x0043cd93
                    0x0043cdc8
                    0x0043cdc8
                    0x0043cdca
                    0x0043cd95
                    0x0043cd9d
                    0x0043cd9d
                    0x0043cdce
                    0x0043cdd1
                    0x0043cdd5
                    0x0043cdd9
                    0x0043cddc
                    0x0043cdde
                    0x0043cde2
                    0x0043cde2
                    0x0043cde2
                    0x0043cde9
                    0x0043cde9
                    0x0043cdec
                    0x0043cdf1
                    0x0043ce40
                    0x0043ce40
                    0x0043ce40
                    0x0043ce40
                    0x0043ce43
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0043cdf3
                    0x0043cdf9
                    0x0043ce05
                    0x0043ce08
                    0x0043ce0a
                    0x00000000
                    0x00000000
                    0x0043ce10
                    0x0043ce16
                    0x0043ce18
                    0x0043ce1c
                    0x00000000
                    0x00000000
                    0x0043ce30
                    0x0043ce33
                    0x0043ce33
                    0x0043ce33
                    0x0043ce3d
                    0x00000000
                    0x0043ce3d
                    0x0043cdf1
                    0x00000000
                    0x0043cd80
                    0x0043c71e
                    0x0043c721
                    0x0043c728
                    0x0043c72b
                    0x0043c731
                    0x00000000
                    0x00000000
                    0x0043c737
                    0x0043c73b
                    0x0043c73d
                    0x0043c73f
                    0x0043c77d
                    0x0043c77d
                    0x0043c783
                    0x0043c741
                    0x0043c74e
                    0x0043c74e
                    0x0043c789
                    0x0043c78d
                    0x0043c791
                    0x0043c793
                    0x0043c797
                    0x0043c797
                    0x0043c797
                    0x0043c79e
                    0x0043c79e
                    0x0043c7a1
                    0x0043c7a4
                    0x0043c7a7
                    0x0043c7ad
                    0x0043c7af
                    0x0043c7b1
                    0x0043c7eb
                    0x0043c7eb
                    0x0043c7ec
                    0x0043c7b3
                    0x0043c7bc
                    0x0043c7bc
                    0x0043c7f2
                    0x0043c7f6
                    0x0043c7fa
                    0x0043c7fc
                    0x0043c800
                    0x0043c800
                    0x0043c800
                    0x0043c807
                    0x0043c807
                    0x0043c80a
                    0x0043c80d
                    0x0043c810
                    0x0043c816
                    0x0043c818
                    0x0043c81a
                    0x0043c83f
                    0x0043c84e
                    0x0043c856
                    0x0043c856
                    0x0043c859
                    0x0043c81c
                    0x0043c81c
                    0x0043c824
                    0x0043c827
                    0x0043c827
                    0x0043c85f
                    0x0043c863
                    0x0043c867
                    0x0043c869
                    0x0043c86d
                    0x0043c86d
                    0x0043c86d
                    0x0043c871
                    0x0043c874
                    0x0043c874
                    0x0043c877
                    0x0043c881
                    0x0043c887
                    0x0043c88e
                    0x00000000
                    0x00000000
                    0x0043c8a0
                    0x0043c8a5
                    0x0043c8a8
                    0x0043c8ae
                    0x0043c8b4
                    0x0043c958
                    0x0043c958
                    0x0043c96f
                    0x0043c975
                    0x0043c97a
                    0x0043c97d
                    0x0043c983
                    0x0043c985
                    0x0043db17
                    0x0043db17
                    0x0043db1a
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0043db27
                    0x0043c98b
                    0x0043c991
                    0x0043db0e
                    0x00000000
                    0x0043db0e
                    0x0043c9a3
                    0x0043c9a5
                    0x0043c9a7
                    0x0043c9ad
                    0x0043c9b5
                    0x0043c9bc
                    0x0043c9c3
                    0x0043c9c5
                    0x0043c9cb
                    0x0043ccda
                    0x0043ccdc
                    0x0043ccfe
                    0x0043cd05
                    0x0043cd0a
                    0x0043cd0d
                    0x0043cd13
                    0x0043cd15
                    0x00000000
                    0x00000000
                    0x0043cd22
                    0x0043cd4f
                    0x0043cd54
                    0x0043cd5b
                    0x0043cd5e
                    0x0043cd62
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0043c9d1
                    0x0043c9d1
                    0x0043c9d1
                    0x0043c9d4
                    0x0043c9d7
                    0x00000000
                    0x00000000
                    0x0043c9dd
                    0x0043c9e2
                    0x0043c9e4
                    0x0043ca1d
                    0x0043ca1d
                    0x0043ca23
                    0x0043c9e6
                    0x0043c9f1
                    0x0043c9f1
                    0x0043ca31
                    0x0043ca38
                    0x0043ca3b
                    0x0043ca41
                    0x0043ca45
                    0x0043ca48
                    0x0043ca4c
                    0x0043ca52
                    0x0043ca54
                    0x0043ca58
                    0x0043ca58
                    0x0043ca58
                    0x0043ca5f
                    0x0043ca5f
                    0x0043ca62
                    0x0043ca66
                    0x0043ca69
                    0x0043ca6f
                    0x0043ca8f
                    0x0043cb51
                    0x0043cb54
                    0x0043cb57
                    0x0043cc11
                    0x0043cc14
                    0x00000000
                    0x00000000
                    0x0043cc1a
                    0x0043cc1f
                    0x0043cc21
                    0x0043cc5d
                    0x0043cc5d
                    0x0043cc60
                    0x0043cc23
                    0x0043cc2e
                    0x0043cc2e
                    0x0043cc66
                    0x0043cc6a
                    0x0043cc6e
                    0x0043cc70
                    0x0043cc74
                    0x0043cc74
                    0x0043cc74
                    0x0043cc7b
                    0x0043cc7b
                    0x0043cc7e
                    0x0043cc8c
                    0x0043cc92
                    0x00000000
                    0x0043cc98
                    0x0043cc98
                    0x0043cc98
                    0x0043cc9b
                    0x0043cc9d
                    0x0043cca3
                    0x00000000
                    0x00000000
                    0x0043ccab
                    0x0043ccb3
                    0x0043ccb9
                    0x0043ccb9
                    0x0043ccc1
                    0x0043ccc1
                    0x0043ccc1
                    0x0043ccc1
                    0x00000000
                    0x0043ccc1
                    0x0043cc92
                    0x0043cb5d
                    0x0043cb60
                    0x00000000
                    0x00000000
                    0x0043cb66
                    0x0043cb6b
                    0x0043cb6d
                    0x0043cba9
                    0x0043cba9
                    0x0043cbac
                    0x0043cb6f
                    0x0043cb7a
                    0x0043cb7a
                    0x0043cbb2
                    0x0043cbb6
                    0x0043cbba
                    0x0043cbbc
                    0x0043cbc0
                    0x0043cbc0
                    0x0043cbc0
                    0x0043cbc7
                    0x0043cbc7
                    0x0043cbca
                    0x0043cbd8
                    0x0043cbde
                    0x00000000
                    0x0043cbe4
                    0x0043cbe4
                    0x0043cbe4
                    0x0043cbe7
                    0x0043cbe9
                    0x0043cbef
                    0x00000000
                    0x00000000
                    0x0043cbfb
                    0x0043cc03
                    0x0043cc09
                    0x0043cc09
                    0x00000000
                    0x0043cbe4
                    0x0043cbde
                    0x0043ca95
                    0x0043ca98
                    0x0043ca9b
                    0x00000000
                    0x00000000
                    0x0043caa1
                    0x0043caa6
                    0x0043caa8
                    0x0043cae4
                    0x0043cae4
                    0x0043cae7
                    0x0043caaa
                    0x0043cab5
                    0x0043cab5
                    0x0043caed
                    0x0043caf1
                    0x0043caf5
                    0x0043caf7
                    0x0043cafb
                    0x0043cafb
                    0x0043cafb
                    0x0043cb02
                    0x0043cb02
                    0x0043cb05
                    0x0043cb13
                    0x0043cb19
                    0x00000000
                    0x0043cb1f
                    0x0043cb1f
                    0x0043cb1f
                    0x0043cb22
                    0x0043cb24
                    0x0043cb2a
                    0x00000000
                    0x00000000
                    0x0043cb3c
                    0x0043cb43
                    0x0043cb49
                    0x0043cb49
                    0x00000000
                    0x0043cb1f
                    0x0043ca71
                    0x0043ca71
                    0x0043ca77
                    0x0043ca7d
                    0x0043ca84
                    0x0043ccc8
                    0x0043ccce
                    0x0043ccd4
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0043ccd4
                    0x0043ca6f
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0043c8ba
                    0x0043c8ba
                    0x0043c8ba
                    0x0043c8bd
                    0x0043c8c0
                    0x00000000
                    0x00000000
                    0x0043c8c6
                    0x0043c8cb
                    0x0043c8cd
                    0x0043c919
                    0x0043c91e
                    0x0043c91e
                    0x0043c921
                    0x0043c8cf
                    0x0043c8da
                    0x0043c8e4
                    0x0043c8e4
                    0x0043c928
                    0x0043c92c
                    0x0043c930
                    0x0043c932
                    0x0043c936
                    0x0043c936
                    0x0043c936
                    0x0043c93d
                    0x0043c93d
                    0x0043c940
                    0x0043c94c
                    0x0043c952
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0043c952
                    0x0043c8ba
                    0x0043c881
                    0x0043c810
                    0x00000000
                    0x0043c7a7
                    0x0043c709
                    0x00000000
                    0x0043c709
                    0x0043c5b9
                    0x0043c5bc
                    0x0043c5bf
                    0x00000000
                    0x00000000
                    0x0043c5cd
                    0x0043c5ce
                    0x0043c5d0
                    0x0043c5d3
                    0x0043c5d9
                    0x0043c5db
                    0x0043c5de
                    0x0043c5e2
                    0x0043c5e4
                    0x0043c5e8
                    0x0043c5e8
                    0x0043c5e8
                    0x0043c5ef
                    0x0043c5ef
                    0x0043c5e2
                    0x0043c5f2
                    0x0043c5f5
                    0x0043c5f8
                    0x00000000
                    0x0043c5fe
                    0x0043c5fe
                    0x0043c603
                    0x0043c605
                    0x0043c663
                    0x0043c66f
                    0x0043c673
                    0x0043c679
                    0x0043c67b
                    0x0043c67f
                    0x0043c67f
                    0x0043c67f
                    0x0043c686
                    0x0043c686
                    0x0043c689
                    0x0043c6b0
                    0x0043c6b0
                    0x0043c6b2
                    0x0043c607
                    0x0043c60a
                    0x0043c615
                    0x0043c619
                    0x0043c61f
                    0x0043c621
                    0x0043c625
                    0x0043c625
                    0x0043c625
                    0x0043c62c
                    0x0043c62c
                    0x0043c62f
                    0x0043c639
                    0x0043c639
                    0x0043c6c0
                    0x0043c6c5
                    0x0043c6cb
                    0x00000000
                    0x0043c6d1
                    0x0043c6d1
                    0x0043c6d4
                    0x00000000
                    0x00000000
                    0x0043c6da
                    0x0043c6de
                    0x0043c6e2
                    0x0043c6e4
                    0x0043c6e8
                    0x0043c6e8
                    0x0043c6e8
                    0x0043c6ef
                    0x0043c6ef
                    0x0043c6f8
                    0x0043c6fc
                    0x00000000
                    0x0043c6fc
                    0x0043c6cb
                    0x0043c5f8
                    0x0043c4be
                    0x0043c4c4
                    0x0043dac3
                    0x0043dac5
                    0x00000000
                    0x00000000
                    0x0043dacb
                    0x0043dacd
                    0x00000000
                    0x0043dacd
                    0x0043c4cf
                    0x0043c4d1
                    0x0043c507
                    0x0043c507
                    0x0043c50a
                    0x0043c4d3
                    0x0043c4db
                    0x0043c4db
                    0x0043c510
                    0x0043c517
                    0x0043c519
                    0x0043c51d
                    0x0043c524
                    0x0043c524
                    0x0043c527
                    0x0043c52d
                    0x0043dad7
                    0x0043dad9
                    0x00000000
                    0x00000000
                    0x0043dadf
                    0x0043dae1
                    0x00000000
                    0x0043c533
                    0x0043c538
                    0x0043c53a
                    0x0043c570
                    0x0043c570
                    0x0043c573
                    0x0043c53c
                    0x0043c544
                    0x0043c544
                    0x0043c579
                    0x0043c581
                    0x0043c583
                    0x0043c587
                    0x0043c58e
                    0x0043c58e
                    0x0043c591
                    0x0043c59a
                    0x0043daeb
                    0x0043daed
                    0x00000000
                    0x00000000
                    0x0043db02
                    0x0043db05
                    0x0043db07
                    0x00000000
                    0x0043c5a0
                    0x0043c5a0
                    0x0043c5a9
                    0x00000000
                    0x0043c5a9
                    0x0043c59a
                    0x0043db2a
                    0x0043db2a
                    0x0043db2a
                    0x0043db2d
                    0x0043db30
                    0x0043db39
                    0x0043db3f
                    0x0043db4b
                    0x0043db4e
                    0x0043db50
                    0x00000000
                    0x00000000
                    0x0043db52
                    0x0043db58
                    0x0043db5a
                    0x0043db5e
                    0x00000000
                    0x00000000
                    0x0043db6e
                    0x0043db71
                    0x0043db78
                    0x0043db7b
                    0x00000000
                    0x0043db7b
                    0x0043db32
                    0x0043db37
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0043db37
                    0x0043c4a0
                    0x0043c487

                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID: No data to inflate.$inflateBuffer_blockType$inflateDataB$m_state$return_1$return_2$return_3
                    • API String ID: 0-2197917323
                    • Opcode ID: be79295f5ae9d76666be9874936454b36b08eeddc85ce41828d6ef1cd8a686ea
                    • Instruction ID: 79015e8e164b7af6f6fd1b952b5b419f68cb75e522e7e7a810e5b73f631ad809
                    • Opcode Fuzzy Hash: be79295f5ae9d76666be9874936454b36b08eeddc85ce41828d6ef1cd8a686ea
                    • Instruction Fuzzy Hash: ABF22A71A00B008FD374CF29D894666B7F1FB98311F148A2ED4DB87652DB78B949CB98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0042D2C5 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115COMMON
                    Download Yara Rule
                    C-Code - Quality: 91%
                    			E0042D2C5(void* __ecx, void* __eflags) {
				char _v8;
				struct _OSVERSIONINFOA _v156;
				char _v416;
				char _v4656;
				void* _t24;
				CHAR* _t32;
				void* _t33;
				intOrPtr* _t34;
				void* _t35;
				char _t36;
				char _t38;
				void* _t40;
				char* _t44;
				char* _t45;
				char* _t50;

				E00429440(0x122c, __ecx);
				_v156.dwOSVersionInfoSize = 0x94;
				if(GetVersionExA( &_v156) != 0 && _v156.dwPlatformId == 2 && _v156.dwMajorVersion >= 5) {
					_t40 = 1;
					return _t40;
				}
				if(GetEnvironmentVariableA("__MSVCRT_HEAP_SELECT",  &_v4656, 0x1090) == 0) {
					L28:
					_t24 = E0042D298( &_v8);
					asm("sbb eax, eax");
					return _t24 + 3;
				}
				_t44 =  &_v4656;
				if(_v4656 != 0) {
					do {
						_t38 =  *_t44;
						if(_t38 >= 0x61 && _t38 <= 0x7a) {
							 *_t44 = _t38 - 0x20;
						}
						_t44 = _t44 + 1;
					} while ( *_t44 != 0);
				}
				if(L00429A00("__GLOBAL_HEAP_SELECTED",  &_v4656, 0x16) != 0) {
					GetModuleFileNameA(0,  &_v416, 0x104);
					_t45 =  &_v416;
					if(_v416 != 0) {
						do {
							_t36 =  *_t45;
							if(_t36 >= 0x61 && _t36 <= 0x7a) {
								 *_t45 = _t36 - 0x20;
							}
							_t45 = _t45 + 1;
						} while ( *_t45 != 0);
					}
					_t32 = L004298F0( &_v4656,  &_v416);
				} else {
					_t32 =  &_v4656;
				}
				if(_t32 == 0) {
					goto L28;
				}
				_t33 = L004296D0(_t32, 0x2c);
				if(_t33 == 0) {
					goto L28;
				}
				_t34 = _t33 + 1;
				_t50 = _t34;
				if( *_t34 != 0) {
					do {
						if( *_t50 != 0x3b) {
							_t50 = _t50 + 1;
						} else {
							 *_t50 = 0;
						}
					} while ( *_t50 != 0);
				}
				_t35 = E0043210D(_t34, 0, 0xa);
				if(_t35 != 2 && _t35 != 3 && _t35 != 1) {
					goto L28;
				}
				return _t35;
			}


















                    0x0042d2cd
                    0x0042d2da
                    0x0042d2ec
                    0x0042d302
                    0x00000000
                    0x0042d302
                    0x0042d321
                    0x0042d3f7
                    0x0042d3fb
                    0x0042d405
                    0x00000000
                    0x0042d407
                    0x0042d329
                    0x0042d335
                    0x0042d337
                    0x0042d337
                    0x0042d33b
                    0x0042d343
                    0x0042d343
                    0x0042d345
                    0x0042d346
                    0x0042d337
                    0x0042d362
                    0x0042d379
                    0x0042d385
                    0x0042d38b
                    0x0042d38d
                    0x0042d38d
                    0x0042d391
                    0x0042d399
                    0x0042d399
                    0x0042d39b
                    0x0042d39c
                    0x0042d38d
                    0x0042d3ae
                    0x0042d364
                    0x0042d364
                    0x0042d364
                    0x0042d3b7
                    0x00000000
                    0x00000000
                    0x0042d3bc
                    0x0042d3c5
                    0x00000000
                    0x00000000
                    0x0042d3c7
                    0x0042d3c8
                    0x0042d3cc
                    0x0042d3ce
                    0x0042d3d1
                    0x0042d3d7
                    0x0042d3d3
                    0x0042d3d3
                    0x0042d3d3
                    0x0042d3d8
                    0x0042d3ce
                    0x0042d3e0
                    0x0042d3eb
                    0x00000000
                    0x00000000
                    0x0042d40c

                    APIs
                    • GetVersionExA.KERNEL32 ref: 0042D2E4
                    • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 0042D319
                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0042D379
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: EnvironmentFileModuleNameVariableVersion
                    • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                    • API String ID: 1385375860-4131005785
                    • Opcode ID: 2b8ee25888e1c4d492fc2fcd5dc5d002d3893acaba7b1c9035725f3d2ae1ca2f
                    • Instruction ID: 5eb3f56fde7c549e10520d32564e42a0485e714e18c03a777b152f099ba18501
                    • Opcode Fuzzy Hash: 2b8ee25888e1c4d492fc2fcd5dc5d002d3893acaba7b1c9035725f3d2ae1ca2f
                    • Instruction Fuzzy Hash: DE311572F042A86DEB35D670BC41BEE37689B06304FA400DBD985C6242D67CDD85CB1A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0043721A Relevance: 4.9, Strings: 2, Instructions: 2407COMMONCrypto
                    Download Yara Rule
                    C-Code - Quality: 96%
                    			E0043721A(intOrPtr __ecx, unsigned int _a4, signed int _a7) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				unsigned int _v44;
				unsigned int _v48;
				signed char** _v52;
				unsigned int _v56;
				signed char** _v60;
				unsigned int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				unsigned int _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v96;
				signed int _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				unsigned int _v124;
				signed char** _v128;
				int _t1379;
				signed int _t1924;
				signed char*** _t2560;

				_t2560 = _a4;
				_t1379 = 0;
				_v96 = __ecx;
				if(_t2560[1] == 0xa) {
					_t2560[0x3e85] = 0;
					_t2560[0x3e86] = 0;
					_t2560[0x3e87] = 0;
					_t2560[0x3e88] = 0;
					_t2560[0x3e89] = 0;
					_t2560[0x3e8a] = 0;
					_t2560[0x3e8b] = 0;
					_t2560[0x3e8c] = 0;
					_t2560[0x3e8d] = 0;
					_t2560[0x3e8e] = 0;
					_t2560[0x3e8f] = 0;
					_t2560[0x3e90] = 0;
					_t2560[0x3e91] = 0;
					_t2560[0x3e92] = 0;
					_t2560[0x3e93] = 0;
					_t2560[0x3e94] = 0;
					_t2560[0x3e95] = 0;
					_t2560[0x3e96] = 0;
					_t2560[0x3e97] = 0;
					_t2560[0x3e98] = 0;
					_t2560[0x3e99] = 0;
					_t2560[0x3e9a] = 0;
					_t2560[0x3e9b] = 0;
					_t2560[0x3e9c] = 0;
				}
				_v8 = _t2560[0x3e85];
				_v20 = _t2560[0x3e86];
				_v40 = _t2560[0x3e87];
				_v64 = _t2560[0x3e88];
				_v44 = _t2560[0x3e89];
				_v48 = _t2560[0x3e8a];
				_v100 = _t2560[0x3e8b];
				_v68 = _t2560[0x3e8c];
				_v28 = _t2560[0x3e8d];
				_v84 = _t2560[0x3e8e];
				_v80 = _t2560[0x3e8f];
				_v16 = _t2560[0x3e90];
				_v12 = _t2560[0x3e91];
				_v72 = _t2560[0x3e92];
				_v32 = _t2560[0x3e93];
				_v128 = _t2560[0x3e94];
				_v24 = _t2560[0x3e96];
				_v88 = _t2560[0x3e97];
				_v92 = _t2560[0x3e98];
				_v76 = _t2560[0x3e99];
				_v52 = _t2560[0x3e9a];
				_v56 = _t2560[0x3e9b];
				_v60 = _t2560[0x3e9c];
				_t1924 =  &(_t2560[1][0xfffffffffffffffe]);
				_v36 = _t2560[0x3e95];
				if(_t1924 > 0x28) {
					L445:
					_t2560[0x3e85] = _v8;
					_t2560[0x3e86] = _v20;
					_t2560[0x3e87] = _v40;
					_t2560[0x3e88] = _v64;
					_t2560[0x3e89] = _v44;
					_t2560[0x3e8a] = _v48;
					_t2560[0x3e8b] = _v100;
					_t2560[0x3e8c] = _v68;
					_t2560[0x3e8d] = _v28;
					_t2560[0x3e8e] = _v84;
					_t2560[0x3e8f] = _v80;
					_t2560[0x3e90] = _v16;
					_t2560[0x3e91] = _v12;
					_t2560[0x3e92] = _v72;
					_t2560[0x3e93] = _v32;
					_t2560[0x3e94] = _v128;
					_t2560[0x3e95] = _v36;
					_t2560[0x3e96] = _v24;
					_t2560[0x3e97] = _v88;
					_t2560[0x3e98] = _v92;
					_t2560[0x3e99] = _v76;
					_t2560[0x3e9a] = _v52;
					_t2560[0x3e9b] = _v56;
					_t2560[0x3e9c] = _v60;
					return _t1379;
				}
				switch( *((intOrPtr*)(_t1924 * 4 +  &M0043903B))) {
					case 0:
						_t2560[1] = 0xa;
						while(1) {
							_t1949 = _t2560[8];
							if(_t1949 >= 8) {
								break;
							}
							_t1799 =  *_t2560;
							if(_t1799[1] == 0) {
								goto L374;
							} else {
								_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1799) & 0x000000ff;
								_t2560[8] = _t1949 + 8;
								 *_t1799 =  &(( *_t1799)[1]);
								( *_t2560)[1] = ( *_t2560)[1] - 1;
								( *_t2560)[2] =  &(( *_t2560)[2][1]);
								_t1802 =  *_t2560;
								if(_t1802[2] == 0) {
									_t1802[3] =  &(_t1802[3][1]);
								}
								continue;
							}
						}
						_t2201 = _t2560[8];
						_t2560[8] = _t2201 + 0xfffffff8;
						__eflags = (_t2560[7] >> _t2201 - 0x00000008 & 0x000000ff) - 0x42;
						if((_t2560[7] >> _t2201 - 0x00000008 & 0x000000ff) == 0x42) {
							goto L11;
						} else {
							_push(0xffffffce);
							goto L444;
						}
					case 1:
						L11:
						_t2560[1] = 0xb;
						while(1) {
							_t1951 = _t2560[8];
							__eflags = _t1951 - 8;
							if(_t1951 >= 8) {
								break;
							}
							_t1795 =  *_t2560;
							__eflags = _t1795[1];
							if(_t1795[1] == 0) {
								goto L374;
							} else {
								_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1795) & 0x000000ff;
								_t2560[8] = _t1951 + 8;
								 *_t1795 =  &(( *_t1795)[1]);
								( *_t2560)[1] = ( *_t2560)[1] - 1;
								( *_t2560)[2] =  &(( *_t2560)[2][1]);
								_t1798 =  *_t2560;
								__eflags = _t1798[2];
								if(_t1798[2] == 0) {
									_t1798[3] =  &(_t1798[3][1]);
								}
								continue;
							}
						}
						_t2203 = _t2560[8];
						_t2560[8] = _t2203 + 0xfffffff8;
						__eflags = (_t2560[7] >> _t2203 - 0x00000008 & 0x000000ff) - 0x5a;
						if((_t2560[7] >> _t2203 - 0x00000008 & 0x000000ff) == 0x5a) {
							goto L18;
						} else {
							_push(0xffffffcd);
							goto L444;
						}
					case 2:
						L18:
						_t2560[1] = 0xc;
						while(1) {
							_t1953 = _t2560[8];
							__eflags = _t1953 - 8;
							if(_t1953 >= 8) {
								break;
							}
							_t1791 =  *_t2560;
							__eflags = _t1791[1];
							if(_t1791[1] == 0) {
								goto L374;
							} else {
								_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1791) & 0x000000ff;
								_t2560[8] = _t1953 + 8;
								 *_t1791 =  &(( *_t1791)[1]);
								( *_t2560)[1] = ( *_t2560)[1] - 1;
								( *_t2560)[2] =  &(( *_t2560)[2][1]);
								_t1794 =  *_t2560;
								__eflags = _t1794[2];
								if(_t1794[2] == 0) {
									_t1794[3] =  &(_t1794[3][1]);
								}
								continue;
							}
						}
						_t2205 = _t2560[8];
						_t2560[8] = _t2205 + 0xfffffff8;
						__eflags = (_t2560[7] >> _t2205 - 0x00000008 & 0x000000ff) - 0x68;
						if((_t2560[7] >> _t2205 - 0x00000008 & 0x000000ff) == 0x68) {
							goto L25;
						} else {
							_push(0xffffffcc);
							goto L444;
						}
					case 3:
						L25:
						_t2560[1] = 0xd;
						while(1) {
							_t1955 = _t2560[8];
							__eflags = _t1955 - 8;
							if(_t1955 >= 8) {
								break;
							}
							_t1787 =  *_t2560;
							__eflags = _t1787[1];
							if(_t1787[1] == 0) {
								goto L374;
							} else {
								_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1787) & 0x000000ff;
								_t2560[8] = _t1955 + 8;
								 *_t1787 =  &(( *_t1787)[1]);
								( *_t2560)[1] = ( *_t2560)[1] - 1;
								( *_t2560)[2] =  &(( *_t2560)[2][1]);
								_t1790 =  *_t2560;
								__eflags = _t1790[2];
								if(_t1790[2] == 0) {
									_t1790[3] =  &(_t1790[3][1]);
								}
								continue;
							}
						}
						_t2207 = _t2560[8];
						_t2560[8] = _t2207 + 0xfffffff8;
						_t1391 = _t2560[7] >> _t2207 - 0x00000008 & 0x000000ff;
						__eflags = _t1391 - 0x31;
						_t2560[9] = _t1391;
						if(_t1391 < 0x31) {
							L38:
							_push(0xffffffcb);
							goto L444;
						}
						__eflags = _t1391 - 0x39;
						if(_t1391 > 0x39) {
							goto L38;
						}
						_t1392 = _t1391 + 0xffffffd0;
						__eflags = _t2560[0xa];
						_t2560[9] = _t1392;
						if(_t2560[0xa] == 0) {
							__eflags = _t1392 * 0x61a80;
							_t1394 = E0042929A(_t1392 * 0x61a80);
							_t2560[0x313] = _t1394;
							L36:
							__eflags = _t1394;
							if(_t1394 != 0) {
								goto L39;
							}
							L37:
							_push(0xfffffffd);
							goto L444;
						}
						_t2560[0x314] = E0042929A(_t1392 * 0x30d40);
						_t1394 = E0042929A(1 + _t2560[9] * 0x186a0 >> 1);
						__eflags = _t2560[0x314];
						_t2560[0x315] = _t1394;
						if(_t2560[0x314] == 0) {
							goto L37;
						} else {
							goto L36;
						}
					case 4:
						L39:
						_t2560[1] = 0xe;
						while(1) {
							_t1958 = _t2560[8];
							__eflags = _t1958 - 8;
							if(_t1958 >= 8) {
								break;
							}
							_t1777 =  *_t2560;
							__eflags = _t1777[1];
							if(_t1777[1] == 0) {
								goto L374;
							} else {
								_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1777) & 0x000000ff;
								_t2560[8] = _t1958 + 8;
								 *_t1777 =  &(( *_t1777)[1]);
								( *_t2560)[1] = ( *_t2560)[1] - 1;
								( *_t2560)[2] =  &(( *_t2560)[2][1]);
								_t1780 =  *_t2560;
								__eflags = _t1780[2];
								if(_t1780[2] == 0) {
									_t1780[3] =  &(_t1780[3][1]);
								}
								continue;
							}
						}
						_t2209 = _t2560[8];
						_t2560[8] = _t2209 + 0xfffffff8;
						_t1397 = _t2560[7] >> _t2209 - 0x00000008 & 0x000000ff;
						__eflags = _t1397 - 0x17;
						if(_t1397 == 0x17) {
							goto L384;
						}
						__eflags = _t1397 - 0x31;
						if(_t1397 == 0x31) {
							goto L47;
						} else {
							_push(0xfffffff1);
							goto L444;
						}
					case 5:
						L47:
						_t2560[1] = 0xf;
						while(1) {
							_t1991 = _t2560[8];
							__eflags = _t1991 - 8;
							if(_t1991 >= 8) {
								break;
							}
							_t1773 =  *_t2560;
							__eflags = _t1773[1];
							if(_t1773[1] == 0) {
								goto L374;
							} else {
								_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1773) & 0x000000ff;
								_t2560[8] = _t1991 + 8;
								 *_t1773 =  &(( *_t1773)[1]);
								( *_t2560)[1] = ( *_t2560)[1] - 1;
								( *_t2560)[2] =  &(( *_t2560)[2][1]);
								_t1776 =  *_t2560;
								__eflags = _t1776[2];
								if(_t1776[2] == 0) {
									_t1776[3] =  &(_t1776[3][1]);
								}
								continue;
							}
						}
						_t2268 = _t2560[8];
						_t2560[8] = _t2268 + 0xfffffff8;
						__eflags = (_t2560[7] >> _t2268 - 0x00000008 & 0x000000ff) - 0x41;
						if((_t2560[7] >> _t2268 - 0x00000008 & 0x000000ff) == 0x41) {
							goto L54;
						} else {
							_push(0xfffffff0);
							goto L444;
						}
					case 6:
						L54:
						_t2560[1] = 0x10;
						while(1) {
							_t1993 = _t2560[8];
							__eflags = _t1993 - 8;
							if(_t1993 >= 8) {
								break;
							}
							_t1769 =  *_t2560;
							__eflags = _t1769[1];
							if(_t1769[1] == 0) {
								goto L374;
							} else {
								_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1769) & 0x000000ff;
								_t2560[8] = _t1993 + 8;
								 *_t1769 =  &(( *_t1769)[1]);
								( *_t2560)[1] = ( *_t2560)[1] - 1;
								( *_t2560)[2] =  &(( *_t2560)[2][1]);
								_t1772 =  *_t2560;
								__eflags = _t1772[2];
								if(_t1772[2] == 0) {
									_t1772[3] =  &(_t1772[3][1]);
								}
								continue;
							}
						}
						_t2270 = _t2560[8];
						_t2560[8] = _t2270 + 0xfffffff8;
						__eflags = (_t2560[7] >> _t2270 - 0x00000008 & 0x000000ff) - 0x59;
						if((_t2560[7] >> _t2270 - 0x00000008 & 0x000000ff) == 0x59) {
							goto L61;
						} else {
							_push(0xffffffef);
							goto L444;
						}
					case 7:
						L61:
						_t2560[1] = 0x11;
						while(1) {
							_t1995 = _t2560[8];
							__eflags = _t1995 - 8;
							if(_t1995 >= 8) {
								break;
							}
							_t1765 =  *_t2560;
							__eflags = _t1765[1];
							if(_t1765[1] == 0) {
								goto L374;
							} else {
								_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1765) & 0x000000ff;
								_t2560[8] = _t1995 + 8;
								 *_t1765 =  &(( *_t1765)[1]);
								( *_t2560)[1] = ( *_t2560)[1] - 1;
								( *_t2560)[2] =  &(( *_t2560)[2][1]);
								_t1768 =  *_t2560;
								__eflags = _t1768[2];
								if(_t1768[2] == 0) {
									_t1768[3] =  &(_t1768[3][1]);
								}
								continue;
							}
						}
						_t2272 = _t2560[8];
						_t2560[8] = _t2272 + 0xfffffff8;
						__eflags = (_t2560[7] >> _t2272 - 0x00000008 & 0x000000ff) - 0x26;
						if((_t2560[7] >> _t2272 - 0x00000008 & 0x000000ff) == 0x26) {
							goto L68;
						} else {
							_push(0xffffffee);
							goto L444;
						}
					case 8:
						L68:
						_t2560[1] = 0x12;
						while(1) {
							_t1997 = _t2560[8];
							__eflags = _t1997 - 8;
							if(_t1997 >= 8) {
								break;
							}
							_t1761 =  *_t2560;
							__eflags = _t1761[1];
							if(_t1761[1] == 0) {
								goto L374;
							} else {
								_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1761) & 0x000000ff;
								_t2560[8] = _t1997 + 8;
								 *_t1761 =  &(( *_t1761)[1]);
								( *_t2560)[1] = ( *_t2560)[1] - 1;
								( *_t2560)[2] =  &(( *_t2560)[2][1]);
								_t1764 =  *_t2560;
								__eflags = _t1764[2];
								if(_t1764[2] == 0) {
									_t1764[3] =  &(_t1764[3][1]);
								}
								continue;
							}
						}
						_t2274 = _t2560[8];
						_t2560[8] = _t2274 + 0xfffffff8;
						__eflags = (_t2560[7] >> _t2274 - 0x00000008 & 0x000000ff) - 0x53;
						if((_t2560[7] >> _t2274 - 0x00000008 & 0x000000ff) == 0x53) {
							goto L75;
						} else {
							_push(0xffffffec);
							goto L444;
						}
					case 9:
						L75:
						_t2560[1] = 0x13;
						while(1) {
							_t1999 = _t2560[8];
							__eflags = _t1999 - 8;
							if(_t1999 >= 8) {
								break;
							}
							_t1757 =  *_t2560;
							__eflags = _t1757[1];
							if(_t1757[1] == 0) {
								goto L374;
							} else {
								_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1757) & 0x000000ff;
								_t2560[8] = _t1999 + 8;
								 *_t1757 =  &(( *_t1757)[1]);
								( *_t2560)[1] = ( *_t2560)[1] - 1;
								( *_t2560)[2] =  &(( *_t2560)[2][1]);
								_t1760 =  *_t2560;
								__eflags = _t1760[2];
								if(_t1760[2] == 0) {
									_t1760[3] =  &(_t1760[3][1]);
								}
								continue;
							}
						}
						_t2276 = _t2560[8];
						_t2560[8] = _t2276 + 0xfffffff8;
						__eflags = (_t2560[7] >> _t2276 - 0x00000008 & 0x000000ff) - 0x59;
						if((_t2560[7] >> _t2276 - 0x00000008 & 0x000000ff) == 0x59) {
							_t2560[0xb] =  &(_t2560[0xb][0]);
							_t259 =  &(_t2560[0x316]);
							 *_t259 = _t2560[0x316] & 0x00000000;
							__eflags =  *_t259;
							goto L83;
						} else {
							_push(0xffffffeb);
							goto L444;
						}
					case 0xa:
						L83:
						_t2560[1] = 0x14;
						while(1) {
							_t2001 = _t2560[8];
							__eflags = _t2001 - 8;
							if(_t2001 >= 8) {
								break;
							}
							_t1753 =  *_t2560;
							__eflags = _t1753[1];
							if(_t1753[1] == 0) {
								goto L374;
							} else {
								_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1753) & 0x000000ff;
								_t2560[8] = _t2001 + 8;
								 *_t1753 =  &(( *_t1753)[1]);
								( *_t2560)[1] = ( *_t2560)[1] - 1;
								( *_t2560)[2] =  &(( *_t2560)[2][1]);
								_t1756 =  *_t2560;
								__eflags = _t1756[2];
								if(_t1756[2] == 0) {
									_t1756[3] =  &(_t1756[3][1]);
								}
								continue;
							}
						}
						_t2278 = _t2560[8];
						_t2003 =  &(_t2560[0x316]);
						_t2560[8] = _t2278 + 0xfffffff8;
						_t2282 =  *_t2003 << 0x00000008 | _t2560[7] >> _t2278 - 0x00000008 & 0xff;
						__eflags = _t2282;
						 *_t2003 = _t2282;
						goto L89;
					case 0xb:
						L89:
						_t2560[1] = 0x15;
						while(1) {
							_t2004 = _t2560[8];
							__eflags = _t2004 - 8;
							if(_t2004 >= 8) {
								break;
							}
							_t1749 =  *_t2560;
							__eflags = _t1749[1];
							if(_t1749[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1749) & 0x000000ff;
							_t2560[8] = _t2004 + 8;
							 *_t1749 =  &(( *_t1749)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1752 =  *_t2560;
							__eflags = _t1752[2];
							if(_t1752[2] == 0) {
								_t1752[3] =  &(_t1752[3][1]);
							}
						}
						_t2283 = _t2560[8];
						_t2006 =  &(_t2560[0x316]);
						_t2560[8] = _t2283 + 0xfffffff8;
						_t2287 =  *_t2006 << 0x00000008 | _t2560[7] >> _t2283 - 0x00000008 & 0xff;
						__eflags = _t2287;
						 *_t2006 = _t2287;
						goto L95;
					case 0xc:
						L95:
						_t2560[1] = 0x16;
						while(1) {
							_t2007 = _t2560[8];
							__eflags = _t2007 - 8;
							if(_t2007 >= 8) {
								break;
							}
							_t1745 =  *_t2560;
							__eflags = _t1745[1];
							if(_t1745[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1745) & 0x000000ff;
							_t2560[8] = _t2007 + 8;
							 *_t1745 =  &(( *_t1745)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1748 =  *_t2560;
							__eflags = _t1748[2];
							if(_t1748[2] == 0) {
								_t1748[3] =  &(_t1748[3][1]);
							}
						}
						_t2288 = _t2560[8];
						_t2009 =  &(_t2560[0x316]);
						_t2560[8] = _t2288 + 0xfffffff8;
						_t2292 =  *_t2009 << 0x00000008 | _t2560[7] >> _t2288 - 0x00000008 & 0xff;
						__eflags = _t2292;
						 *_t2009 = _t2292;
						goto L101;
					case 0xd:
						L101:
						_t2560[1] = 0x17;
						while(1) {
							_t2010 = _t2560[8];
							__eflags = _t2010 - 8;
							if(_t2010 >= 8) {
								break;
							}
							_t1741 =  *_t2560;
							__eflags = _t1741[1];
							if(_t1741[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1741) & 0x000000ff;
							_t2560[8] = _t2010 + 8;
							 *_t1741 =  &(( *_t1741)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1744 =  *_t2560;
							__eflags = _t1744[2];
							if(_t1744[2] == 0) {
								_t1744[3] =  &(_t1744[3][1]);
							}
						}
						_t2293 = _t2560[8];
						_t2012 =  &(_t2560[0x316]);
						_t2560[8] = _t2293 + 0xfffffff8;
						_t2297 =  *_t2012 << 0x00000008 | _t2560[7] >> _t2293 - 0x00000008 & 0xff;
						__eflags = _t2297;
						 *_t2012 = _t2297;
						goto L107;
					case 0xe:
						L107:
						_t2560[1] = 0x18;
						while(1) {
							_t2013 = _t2560[8];
							__eflags = _t2013 - 1;
							if(_t2013 >= 1) {
								break;
							}
							_t1737 =  *_t2560;
							__eflags = _t1737[1];
							if(_t1737[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1737) & 0x000000ff;
							_t2560[8] = _t2013 + 8;
							 *_t1737 =  &(( *_t1737)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1740 =  *_t2560;
							__eflags = _t1740[2];
							if(_t1740[2] == 0) {
								_t1740[3] =  &(_t1740[3][1]);
							}
						}
						_t2298 = _t2560[8];
						_t349 =  &(_t2560[0xd]);
						 *_t349 = _t2560[0xd] & 0x00000000;
						__eflags =  *_t349;
						_t2560[8] = _t2298 - 1;
						_t2560[4] = _t2560[7] >> _t2298 - 0x00000001 & 0x00000001;
						goto L113;
					case 0xf:
						L113:
						_t2560[1] = 0x19;
						while(1) {
							_t2015 = _t2560[8];
							__eflags = _t2015 - 8;
							if(_t2015 >= 8) {
								break;
							}
							_t1733 =  *_t2560;
							__eflags = _t1733[1];
							if(_t1733[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1733) & 0x000000ff;
							_t2560[8] = _t2015 + 8;
							 *_t1733 =  &(( *_t1733)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1736 =  *_t2560;
							__eflags = _t1736[2];
							if(_t1736[2] == 0) {
								_t1736[3] =  &(_t1736[3][1]);
							}
						}
						_t2300 = _t2560[8];
						_t2560[8] = _t2300 + 0xfffffff8;
						_t2019 = _t2560[0xd] << 0x00000008 | _t2560[7] >> _t2300 - 0x00000008 & 0xff;
						__eflags = _t2019;
						_t2560[0xd] = _t2019;
						goto L119;
					case 0x10:
						L119:
						_t2560[1] = 0x1a;
						while(1) {
							_t2020 = _t2560[8];
							__eflags = _t2020 - 8;
							if(_t2020 >= 8) {
								break;
							}
							_t1729 =  *_t2560;
							__eflags = _t1729[1];
							if(_t1729[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1729) & 0x000000ff;
							_t2560[8] = _t2020 + 8;
							 *_t1729 =  &(( *_t1729)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1732 =  *_t2560;
							__eflags = _t1732[2];
							if(_t1732[2] == 0) {
								_t1732[3] =  &(_t1732[3][1]);
							}
						}
						_t2302 = _t2560[8];
						_t2560[8] = _t2302 + 0xfffffff8;
						_t2024 = _t2560[0xd] << 0x00000008 | _t2560[7] >> _t2302 - 0x00000008 & 0xff;
						__eflags = _t2024;
						_t2560[0xd] = _t2024;
						goto L125;
					case 0x11:
						L125:
						_t2560[1] = 0x1b;
						while(1) {
							_t2025 = _t2560[8];
							__eflags = _t2025 - 8;
							if(_t2025 >= 8) {
								break;
							}
							_t1725 =  *_t2560;
							__eflags = _t1725[1];
							if(_t1725[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1725) & 0x000000ff;
							_t2560[8] = _t2025 + 8;
							 *_t1725 =  &(( *_t1725)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1728 =  *_t2560;
							__eflags = _t1728[2];
							if(_t1728[2] == 0) {
								_t1728[3] =  &(_t1728[3][1]);
							}
						}
						_t2304 = _t2560[8];
						_t2560[8] = _t2304 + 0xfffffff8;
						_t2029 = _t2560[0xd] << 0x00000008 | _t2560[7] >> _t2304 - 0x00000008 & 0xff;
						__eflags = _t2029;
						_t2560[0xd] = _t2029;
						if(_t2029 >= 0) {
							__eflags = _t2029 - 0xa + _t2560[9] * 0x186a0;
							if(_t2029 <= 0xa + _t2560[9] * 0x186a0) {
								_v8 = _v8 & 0x00000000;
								goto L144;
							}
							_push(0xffffffe9);
							goto L444;
						}
						_push(0xffffffea);
						goto L444;
					case 0x12:
						L135:
						_t2560[1] = 0x1c;
						while(1) {
							_t2030 = _t2560[8];
							__eflags = _t2030 - 1;
							if(_t2030 >= 1) {
								break;
							}
							_t1518 =  *_t2560;
							__eflags = _t1518[1];
							if(_t1518[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1518) & 0x000000ff;
							_t2560[8] = _t2030 + 8;
							 *_t1518 =  &(( *_t1518)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1521 =  *_t2560;
							__eflags = _t1521[2];
							if(_t1521[2] == 0) {
								_t1521[3] =  &(_t1521[3][1]);
							}
						}
						_t2306 = _t2560[8];
						__eflags = (_t2560[7] >> _t2306 - 0x00000001 & 0x00000001) - 1;
						_t1517 = _v8;
						_t2560[8] = _t2306 - 1;
						if((_t2560[7] >> _t2306 - 0x00000001 & 0x00000001) != 1) {
							_t433 = _t1517 +  &(_t2560[0x35b]);
							 *_t433 =  *(_t1517 +  &(_t2560[0x35b])) & 0x00000000;
							__eflags =  *_t433;
						} else {
							 *(_t1517 +  &(_t2560[0x35b])) = 1;
						}
						_t437 =  &_v8;
						 *_t437 = _v8 + 1;
						__eflags =  *_t437;
						L144:
						__eflags = _v8 - 0x10;
						if(_v8 < 0x10) {
							goto L135;
						}
						_push(0x40);
						_pop(_t2032);
						_v8 = _v8 & 0;
						memset( &(_t2560[0x31b]), 0, _t2032 << 2);
						goto L156;
					case 0x13:
						L146:
						_t2560[1] = 0x1d;
						while(1) {
							_t2177 = _t2560[8];
							__eflags = _t2177 - 1;
							if(_t2177 >= 1) {
								break;
							}
							_t1718 =  *_t2560;
							__eflags = _t1718[1];
							if(_t1718[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1718) & 0x000000ff;
							_t2560[8] = _t2177 + 8;
							 *_t1718 =  &(( *_t1718)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1721 =  *_t2560;
							__eflags = _t1721[2];
							if(_t1721[2] == 0) {
								_t1721[3] =  &(_t1721[3][1]);
							}
						}
						_t2423 = _t2560[8];
						__eflags = (_t2560[7] >> _t2423 - 0x00000001 & 0x00000001) - 1;
						_t2560[8] = _t2423 - 1;
						if((_t2560[7] >> _t2423 - 0x00000001 & 0x00000001) == 1) {
							_t1724 = (_v8 << 4) + _v20;
							__eflags = _t1724;
							 *((char*)( &(_t2560[0x31b]) + _t1724)) = 1;
						}
						_t465 =  &_v20;
						 *_t465 = _v20 + 1;
						__eflags =  *_t465;
						L154:
						__eflags = _v20 - 0x10;
						if(_v20 < 0x10) {
							goto L146;
						}
						L155:
						_t468 =  &_v8;
						 *_t468 = _v8 + 1;
						__eflags =  *_t468;
						L156:
						_t1524 = _v8;
						__eflags = _t1524 - 0x10;
						if(_t1524 >= 0x10) {
							E004390DF(_t2560);
							_t1526 = _t2560[0x31a];
							__eflags = _t1526;
							if(_t1526 != 0) {
								_t1527 = 2 + _t1526;
								__eflags = _t1527;
								_v64 = _t1527;
								goto L162;
							}
							_push(0xffffffe8);
							goto L444;
						}
						__eflags =  *((char*)(_t1524 +  &(_t2560[0x35b])));
						if( *((char*)(_t1524 +  &(_t2560[0x35b]))) == 0) {
							goto L155;
						}
						_v20 = _v20 & 0x00000000;
						goto L154;
					case 0x14:
						L162:
						_t2560[1] = 0x1e;
						while(1) {
							_t2035 = _t2560[8];
							__eflags = _t2035 - 3;
							if(_t2035 >= 3) {
								break;
							}
							_t1711 =  *_t2560;
							__eflags = _t1711[1];
							if(_t1711[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1711) & 0x000000ff;
							_t2560[8] = _t2035 + 8;
							 *_t1711 =  &(( *_t1711)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1714 =  *_t2560;
							__eflags = _t1714[2];
							if(_t1714[2] == 0) {
								_t1714[3] =  &(_t1714[3][1]);
							}
						}
						_t2311 = _t2560[8];
						_t2560[8] = _t2311 + 0xfffffffd;
						_t1530 = _t2560[7] >> _t2311 - 0x00000003 & 0x00000007;
						__eflags = _t1530 - 2;
						_v44 = _t1530;
						if(_t1530 < 2) {
							L169:
							_push(0xffffffe7);
							goto L444;
						}
						__eflags = _t1530 - 6;
						if(_t1530 <= 6) {
							goto L170;
						}
						goto L169;
					case 0x15:
						L170:
						_t2560[1] = 0x1f;
						_t2485 = 0;
						__eflags = 0;
						while(1) {
							_t2037 = _t2560[8];
							__eflags = _t2037 - 0xf;
							if(_t2037 >= 0xf) {
								break;
							}
							_t1707 =  *_t2560;
							__eflags = _t1707[1] - _t2485;
							if(_t1707[1] == _t2485) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1707) & 0x000000ff;
							_t2560[8] = _t2037 + 8;
							 *_t1707 =  &(( *_t1707)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1710 =  *_t2560;
							__eflags = _t1710[2] - _t2485;
							if(_t1710[2] == _t2485) {
								_t1710[3] =  &(_t1710[3][1]);
							}
						}
						_t2313 = _t2560[8];
						_t2560[8] = _t2313 + 0xfffffff1;
						_t1533 = _t2560[7] >> _t2313 - 0x0000000f & 0x00007fff;
						__eflags = _t1533 - 1;
						_v48 = _t1533;
						if(_t1533 >= 1) {
							_v8 = _t2485;
							goto L187;
						}
						_push(0xffffffe6);
						goto L444;
					case 0x16:
						do {
							_t2560[1] = 0x20;
							while(1) {
								_t2171 = _t2560[8];
								__eflags = _t2171 - 1;
								if(_t2171 >= 1) {
									break;
								}
								_t1702 =  *_t2560;
								__eflags = _t1702[1];
								if(_t1702[1] == 0) {
									goto L374;
								}
								_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1702) & 0x000000ff;
								_t2560[8] = _t2171 + 8;
								 *_t1702 =  &(( *_t1702)[1]);
								( *_t2560)[1] = ( *_t2560)[1] - 1;
								( *_t2560)[2] =  &(( *_t2560)[2][1]);
								_t1705 =  *_t2560;
								__eflags = _t1705[2];
								if(_t1705[2] == 0) {
									_t1705[3] =  &(_t1705[3][1]);
								}
							}
							_t2412 = _t2560[8];
							__eflags = _t2560[7] >> _t2412 - 0x00000001 & 0x00000001;
							_t2560[8] = _t2412 - 1;
							if((_t2560[7] >> _t2412 - 0x00000001 & 0x00000001) == 0) {
								_v8 = _v8 + 1;
								_t2485 = 0;
								__eflags = 0;
								 *((char*)( &(_t2560[0x1943]) + _v8)) = _v20;
								L187:
								_t2315 = _v48;
								__eflags = _v8 - _t2315;
								if(_v8 >= _t2315) {
									_t2039 = 0;
									__eflags = _v44 - _t2485;
									if(_v44 <= _t2485) {
										L192:
										_t1534 = 0;
										__eflags = _t2315 - _t2485;
										_v8 = 0;
										if(_t2315 <= _t2485) {
											L196:
											_v40 = _v40 & 0x00000000;
											goto L216;
										} else {
											goto L193;
										}
										do {
											L193:
											_t1859 =  *((intOrPtr*)(_t2560 + _t1534 + 0x650e));
											_t1695 = _t1859 & 0x000000ff;
											_t2411 =  *((intOrPtr*)(_t2561 + _t1695 - 0x78));
											_t2170 = _t2561 + _t1695 - 0x78;
											__eflags = _t1859;
											if(_t1859 <= 0) {
												goto L195;
											} else {
												goto L194;
											}
											do {
												L194:
												 *_t2170 =  *((intOrPtr*)(_t2170 - 1));
												_t1695 = _t1695 - 1;
												__eflags = _t1695;
												_t2170 = _t2170 - 1;
											} while (_t1695 != 0);
											L195:
											_t1696 = _v8;
											_v124 = _t2411;
											 *(_t1696 +  &(_t2560[0x7af])) = _t2411;
											_t1534 = _t1696 + 1;
											__eflags = _t1534 - _v48;
											_v8 = _t1534;
										} while (_t1534 < _v48);
										goto L196;
									}
									_t1697 = 0;
									__eflags = 0;
									do {
										 *(_t2561 + _t1697 - 0x78) = _t2039;
										_t2039 = _t2039 + 1;
										_t1697 = _t2039 & 0x000000ff;
										__eflags = _t1697 - _v44;
									} while (_t1697 < _v44);
									goto L192;
								}
								_v20 = _t2485;
								continue;
							}
							_v20 = _v20 + 1;
							__eflags = _v20 - _v44;
						} while (_v20 < _v44);
						_push(0xffffffe5);
						goto L444;
					case 0x17:
						L217:
						_t2560[1] = 0x21;
						while(1) {
							_t2160 = _t2560[8];
							__eflags = _t2160 - 5;
							if(_t2160 >= 5) {
								break;
							}
							_t1691 =  *_t2560;
							__eflags = _t1691[1];
							if(_t1691[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1691) & 0x000000ff;
							_t2560[8] = _t2160 + 8;
							 *_t1691 =  &(( *_t1691)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1694 =  *_t2560;
							__eflags = _t1694[2];
							if(_t1694[2] == 0) {
								_t1694[3] =  &(_t1694[3][1]);
							}
						}
						_t2396 = _t2560[8];
						_t2560[8] = _t2396 + 0xfffffffb;
						_v8 = _v8 & 0x00000000;
						_v32 = _t2560[7] >> _t2396 - 0x00000005 & 0x0000001f;
						goto L214;
					case 0x18:
						L207:
						_t2560[1] = 0x22;
						while(1) {
							_t2162 = _t2560[8];
							__eflags = _t2162 - 1;
							if(_t2162 >= 1) {
								break;
							}
							_t1680 =  *_t2560;
							__eflags = _t1680[1];
							if(_t1680[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1680) & 0x000000ff;
							_t2560[8] = _t2162 + 8;
							 *_t1680 =  &(( *_t1680)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1683 =  *_t2560;
							__eflags = _t1683[2];
							if(_t1683[2] == 0) {
								_t1683[3] =  &(_t1683[3][1]);
							}
						}
						_t2398 = _t2560[8];
						__eflags = _t2560[7] >> _t2398 - 0x00000001 & 0x00000001;
						_t2560[8] = _t2398 - 1;
						if((_t2560[7] >> _t2398 - 0x00000001 & 0x00000001) != 0) {
							goto L197;
						}
						_t608 =  &_v8;
						 *_t608 = _v8 + 1;
						__eflags =  *_t608;
						 *((char*)(_v40 * 0x102 + _v8 +  &(_t2560[0x2ad8]))) = _v32;
						L214:
						__eflags = _v8 - _v64;
						if(_v8 < _v64) {
							goto L205;
						}
						_t614 =  &_v40;
						 *_t614 = _v40 + 1;
						__eflags =  *_t614;
						L216:
						__eflags = _v40 - _v44;
						if(_v40 >= _v44) {
							_v40 = _v40 & 0x00000000;
							__eflags = _v44;
							if(_v44 <= 0) {
								L233:
								_v28 = _v28 & 0x00000000;
								_v100 = _t2560[0x31a] + 1;
								_v80 = _t2560[9] * 0x186a0;
								__eflags = 0;
								memset( &(_t2560[0x10]), 0, 0x100 << 2);
								_push(0xf);
								_v8 = 0x100;
								_t2488 = 0xfff;
								_pop(_t2042);
								_t1542 =  &(_t2560[0x7ae]);
								do {
									_a4 = 0xf;
									_t2318 = _t2042 << 4;
									__eflags = _t2318;
									do {
										 *((char*)(_t2488 +  &(_t2560[0x39f]))) = _a4 + _t2318;
										_t2488 = _t2488 - 1;
										_t680 =  &_a4;
										 *_t680 = _a4 - 1;
										__eflags =  *_t680;
									} while ( *_t680 >= 0);
									_t682 = _t2488 + 1; // 0xfff
									_t2042 = _t2042 - 1;
									 *_t1542 = _t682;
									_t1542 = _t1542 - 4;
									__eflags = _t2042;
								} while (_t2042 >= 0);
								__eflags = _v48;
								_v16 = 0;
								_v68 = 0;
								if(_v48 <= 0) {
									goto L313;
								}
								_t1543 = _t2560[0x7af] & 0x000000ff;
								_v92 = _t1543;
								_v28 = 0x31;
								_t2043 =  *((intOrPtr*)(_t2560 + 0xf9fc + _t1543 * 4));
								_t1545 = _t2560 + _t1543 * 0x408;
								_v76 = _t2043;
								_v36 = _t2043;
								_v52 = _t1545 + 0xb16c;
								_t1546 = _t1545 + 0xc99c;
								__eflags = _t1546;
								_v60 = _t1545 + 0xe1cc;
								_v56 = _t1546;
								goto L239;
							}
							_t1858 =  &(_t2560[0x3e7f]);
							_v80 =  &(_t2560[0x2ad8]);
							_t1663 = _v44;
							_t2544 =  &(_t2560[0x3267]);
							_v100 = _t1663;
							_v40 = _t1663;
							do {
								_t2395 = 0;
								_t2158 = 0;
								__eflags = _v64;
								_a4 = 0x20;
								if(_v64 <= 0) {
									goto L232;
								} else {
									goto L227;
								}
								do {
									L227:
									_t1669 =  *(_v80 + _t2158) & 0x000000ff;
									__eflags = _t1669 - _t2395;
									if(_t1669 > _t2395) {
										_t2395 = _t1669;
									}
									__eflags = _t1669 - _a4;
									if(_t1669 < _a4) {
										_a4 = _t1669;
									}
									_t2158 = _t2158 + 1;
									__eflags = _t2158 - _v64;
								} while (_t2158 < _v64);
								L232:
								E0043AC11(_v96, _t2544 - 0x1830, _t2544,  &(_t2544[0x60c]), _v80, _a4, _t2395, _v64);
								_v80 = _v80 + 0x102;
								 *_t1858 = _a4;
								_t1858 =  &(_t1858[1]);
								_t2544 =  &(_t2544[0x102]);
								_t664 =  &_v100;
								 *_t664 = _v100 - 1;
								__eflags =  *_t664;
							} while ( *_t664 != 0);
							goto L233;
						}
						goto L217;
					case 0x19:
						L197:
						_t2560[1] = 0x23;
						while(1) {
							_t2164 = _t2560[8];
							__eflags = _t2164 - 1;
							if(_t2164 >= 1) {
								break;
							}
							_t1684 =  *_t2560;
							__eflags = _t1684[1];
							if(_t1684[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1684) & 0x000000ff;
							_t2560[8] = _t2164 + 8;
							 *_t1684 =  &(( *_t1684)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1687 =  *_t2560;
							__eflags = _t1687[2];
							if(_t1687[2] == 0) {
								_t1687[3] =  &(_t1687[3][1]);
							}
						}
						_t2400 = _t2560[8];
						__eflags = _t2560[7] >> _t2400 - 0x00000001 & 0x00000001;
						_t2560[8] = _t2400 - 1;
						if((_t2560[7] >> _t2400 - 0x00000001 & 0x00000001) != 0) {
							_t584 =  &_v32;
							 *_t584 = _v32 - 1;
							__eflags =  *_t584;
						} else {
							_v32 = _v32 + 1;
						}
						L205:
						__eflags = _v32 - 1;
						if(_v32 < 1) {
							L222:
							_push(0xffffffe4);
							goto L444;
						}
						__eflags = _v32 - 0x14;
						if(_v32 > 0x14) {
							goto L222;
						}
						goto L207;
					case 0x1a:
						L239:
						_t1824 = _v36;
						_t2560[1] = 0x24;
						while(1) {
							_t2044 = _t2560[8];
							__eflags = _t2044 - _t1824;
							if(_t2044 >= _t1824) {
								break;
							}
							_t1658 =  *_t2560;
							__eflags = _t1658[1];
							if(_t1658[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1658) & 0x000000ff;
							_t2560[8] = _t2044 + 8;
							 *_t1658 =  &(( *_t1658)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1661 =  *_t2560;
							__eflags = _t1661[2];
							if(_t1661[2] == 0) {
								_t1661[3] =  &(_t1661[3][1]);
							}
						}
						_t2324 = _t2560[8] - _t1824;
						_push(1);
						_pop(_t2489);
						_t2560[8] = _t2324;
						_v24 = _t2560[7] >> _t2324 & (_t2489 << _t1824) - 0x00000001;
						goto L251;
					case 0x1b:
						L245:
						_t2560[1] = 0x25;
						while(1) {
							_t2151 = _t2560[8];
							__eflags = _t2151 - 1;
							if(_t2151 >= 1) {
								break;
							}
							_t1654 =  *_t2560;
							__eflags = _t1654[1];
							if(_t1654[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1654) & 0x000000ff;
							_t2560[8] = _t2151 + 8;
							 *_t1654 =  &(( *_t1654)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1657 =  *_t2560;
							__eflags = _t1657[2];
							if(_t1657[2] == 0) {
								_t1657[3] =  &(_t1657[3][1]);
							}
						}
						_t2387 = _t2560[8];
						_t1653 = _t2560[7] >> _t2387 - 0x00000001 & 0x00000001;
						_t2155 = _v24 + _v24 | _t1653;
						__eflags = _t2155;
						_t2560[8] = _t2387 - 1;
						_v88 = _t1653;
						_v24 = _t2155;
						L251:
						__eflags = _t1824 - 0x14;
						if(_t1824 > 0x14) {
							goto L323;
						}
						_t1550 = _v24;
						__eflags = _t1550 - _v52[_t1824];
						if(__eflags <= 0) {
							_t1551 = _t1550 -  *((intOrPtr*)(_v56 + _t1824 * 4));
							goto L266;
						}
						_t1824 = _t1824 + 1;
						_v36 = _t1824;
						goto L245;
					case 0x1c:
						L316:
						_t2560[1] = 0x26;
						while(1) {
							_t2105 = _t2560[8];
							__eflags = _t2105 - _t1846;
							if(_t2105 >= _t1846) {
								break;
							}
							_t1641 =  *_t2560;
							__eflags = _t1641[1];
							if(_t1641[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1641) & 0x000000ff;
							_t2560[8] = _t2105 + 8;
							 *_t1641 =  &(( *_t1641)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1644 =  *_t2560;
							__eflags = _t1644[2];
							if(_t1644[2] == 0) {
								_t1644[3] =  &(_t1644[3][1]);
							}
						}
						_t2353 = _t2560[8] - _t1846;
						_push(1);
						_pop(_t2504);
						_t2560[8] = _t2353;
						_t1586 = _t2560[7] >> _t2353 & (_t2504 << _t1846) - 0x00000001;
						__eflags = _t1586;
						_v24 = _t1586;
						goto L322;
					case 0x1d:
						L326:
						_t2560[1] = 0x27;
						while(1) {
							_t2144 = _t2560[8];
							__eflags = _t2144 - 1;
							if(_t2144 >= 1) {
								break;
							}
							_t1637 =  *_t2560;
							__eflags = _t1637[1];
							if(_t1637[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1637) & 0x000000ff;
							_t2560[8] = _t2144 + 8;
							 *_t1637 =  &(( *_t1637)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1640 =  *_t2560;
							__eflags = _t1640[2];
							if(_t1640[2] == 0) {
								_t1640[3] =  &(_t1640[3][1]);
							}
						}
						_t2357 = _t2560[8];
						_t1636 = _t2560[7] >> _t2357 - 0x00000001 & 0x00000001;
						_t2560[8] = _t2357 - 1;
						_v88 = _t1636;
						_v24 = _v24 + _v24 | _t1636;
						L322:
						__eflags = _t1846 - 0x14;
						if(_t1846 <= 0x14) {
							_t2108 = _v52;
							_t1587 = _v24;
							__eflags = _t1587 -  *((intOrPtr*)(_t2108 + _t1846 * 4));
							if(_t1587 <=  *((intOrPtr*)(_t2108 + _t1846 * 4))) {
								_t1588 = _t1587 -  *((intOrPtr*)(_v56 + _t1846 * 4));
								__eflags = _t1588;
								if(_t1588 < 0) {
									goto L383;
								}
								__eflags = _t1588 - 0x102;
								if(_t1588 >= 0x102) {
									goto L383;
								}
								_t2325 = _v60[_t1588];
								__eflags = _t2325;
								_v84 = _t2325;
								if(_t2325 == 0) {
									goto L308;
								}
								__eflags = _t2325 - 1;
								if(_t2325 == 1) {
									goto L307;
								}
								_v12 = _v12 + 1;
								_t2509 = _v12;
								_t2115 =  *((intOrPtr*)( &(_t2560[0x35f]) + ( *(_t2560[0x79f] +  &(_t2560[0x39f])) & 0x000000ff)));
								_t1594 = _t2115 & 0x000000ff;
								 *((intOrPtr*)(_t2560 + 0x40 + _t1594 * 4)) =  *((intOrPtr*)(_t2560 + 0x40 + _t1594 * 4)) + _t2509;
								__eflags = _t2560[0xa];
								if(_t2560[0xa] == 0) {
									__eflags = _v12;
									if(_v12 <= 0) {
										goto L269;
									}
									_t2143 = _v16;
									while(1) {
										__eflags = _t2143 - _v80;
										if(_t2143 >= _v80) {
											break;
										}
										_t2560[0x313][_t2143] = _t1594;
										_t2143 = _t2143 + 1;
										_v12 = _v12 - 1;
										_v16 = _t2143;
										__eflags = _v12;
										if(_v12 > 0) {
											continue;
										}
										goto L269;
									}
									_push(0xffffffe2);
									goto L444;
								}
								__eflags = _t2509;
								if(_t2509 <= 0) {
									goto L269;
								}
								_t1633 = _v16;
								while(1) {
									__eflags = _t1633 - _v80;
									if(_t1633 >= _v80) {
										break;
									}
									 *(_t2560[0x314] + _t1633 * 2) = _t2115 & 0x000000ff;
									_t1633 = _t1633 + 1;
									_v12 = _v12 - 1;
									_v16 = _t1633;
									__eflags = _v12;
									if(_v12 > 0) {
										continue;
									}
									goto L269;
								}
								_push(0xffffffe3);
								goto L444;
							}
							_t1846 = _t1846 + 1;
							__eflags = _t1846;
							_v36 = _t1846;
							goto L326;
						}
						goto L323;
					case 0x1e:
						L300:
						_t1848 = _v36;
						_t2560[1] = 0x28;
						while(1) {
							_t2124 = _t2560[8];
							__eflags = _t2124 - _t1848;
							if(_t2124 >= _t1848) {
								break;
							}
							_t1615 =  *_t2560;
							__eflags = _t1615[1];
							if(_t1615[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1615) & 0x000000ff;
							_t2560[8] = _t2124 + 8;
							 *_t1615 =  &(( *_t1615)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1618 =  *_t2560;
							__eflags = _t1618[2];
							if(_t1618[2] == 0) {
								_t1618[3] =  &(_t1618[3][1]);
							}
						}
						_t2366 = _t2560[8] - _t1848;
						_push(1);
						_pop(_t2511);
						_t2560[8] = _t2366;
						_v24 = _t2560[7] >> _t2366 & (_t2511 << _t1848) - 0x00000001;
						goto L262;
					case 0x1f:
						L255:
						_t2560[1] = 0x29;
						_t2560 =  &(_t2560[0]);
						 *((intOrPtr*)(0x29 + _t1606)) =  *((intOrPtr*)(0x29 + _t1606)) + 0x29 + _t1606;
						_t746 = _t1848 - 0x67cdfb2;
						 *_t746 =  *(_t1848 - 0x67cdfb2) + _t2128;
						__eflags =  *_t746;
						while(1) {
							_t2129 = _t2560[8];
							__eflags = _t2129 - 1;
							if(_t2129 >= 1) {
								break;
							}
							_t1611 =  *_t2560;
							__eflags = _t1611[1];
							if(_t1611[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1611) & 0x000000ff;
							_t2560[8] = _t2129 + 8;
							 *_t1611 =  &(( *_t1611)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1614 =  *_t2560;
							__eflags = _t1614[2];
							if(_t1614[2] == 0) {
								_t1614[3] =  &(_t1614[3][1]);
							}
						}
						_t2369 = _t2560[8];
						_t1610 = _t2560[7] >> _t2369 - 0x00000001 & 0x00000001;
						_t2133 = _v24 + _v24 | _t1610;
						__eflags = _t2133;
						_t2560[8] = _t2369 - 1;
						_v88 = _t1610;
						_v24 = _t2133;
						L262:
						__eflags = _t1848 - 0x14;
						if(_t1848 > 0x14) {
							L323:
							_push(0xfffffff3);
							goto L444;
						}
						_t2367 = _v52;
						_t1606 = _v24;
						_t2128 = _t1848 << 2;
						__eflags = _t1606 -  *((intOrPtr*)(_t2128 + _t2367));
						if(_t1606 <=  *((intOrPtr*)(_t2128 + _t2367))) {
							_t1551 = _t1606 -  *((intOrPtr*)(_t2128 + _v56));
							__eflags = _t1551;
							L266:
							if(__eflags < 0) {
								L383:
								_push(0xfffffff2);
								goto L444;
							}
							__eflags = _t1551 - 0x102;
							if(_t1551 >= 0x102) {
								goto L383;
							}
							_t2325 = _v60[_t1551];
							_v84 = _t2325;
							L269:
							__eflags = _t2325 - _v100;
							if(_t2325 == _v100) {
								_t1552 = _t2560[0xd];
								__eflags = _t1552;
								if(_t1552 < 0) {
									L382:
									_push(0xffffffe0);
									goto L444;
								}
								__eflags = _t1552 - _v16;
								if(_t1552 >= _v16) {
									goto L382;
								}
								_t2560[3] = _t2560[3] & 0x00000000;
								_t2560[2] = _t2560[2] & 0x00000000;
								_t2560[0x318] = _t2560[0x318] | 0xffffffff;
								_t1030 =  &(_t2560[0x111]);
								 *_t1030 = _t2560[0x111] & 0x00000000;
								__eflags =  *_t1030;
								_t1553 =  &(_t2560[0x112]);
								_t2560[1] = 2;
								_t2050 = _t1553;
								_t2326 = 0x100;
								do {
									 *_t2050 =  *(_t2050 - 0x408);
									_t2050 =  &(_t2050[1]);
									_t2326 = _t2326 - 1;
									__eflags = _t2326;
								} while (_t2326 != 0);
								_t2051 = 0x100;
								do {
									 *_t1553 =  *_t1553 +  *((intOrPtr*)(_t1553 - 4));
									_t1553 =  &(_t1553[1]);
									_t2051 = _t2051 - 1;
									__eflags = _t2051;
								} while (_t2051 != 0);
								__eflags = _t2560[0xa];
								if(_t2560[0xa] == 0) {
									_t2328 = 0;
									__eflags = _v16;
									_v8 = 0;
									if(_v16 <= 0) {
										L379:
										_t1554 = _t2560[0x313];
										_t2560[0x110] = 0;
										_t2054 =  *(_t1554 + _t2560[0xd] * 4) >> 8;
										__eflags = _t2560[4];
										_t2560[0xe] = _t2054;
										if(_t2560[4] == 0) {
											_t1555 =  *(_t1554 + _t2560[0xe] * 4);
											_t2560[0x110] = 1;
											_t2560[0xe] = _t1555;
											_t2560[0xe] = _t2560[0xe] >> 8;
											_t2560[0xf] = _t1555 & 0x000000ff;
										} else {
											_t2560[5] = 0;
											_t2560[6] = 0;
											_t1557 =  *(_t1554 + _t2054 * 4);
											_push(1);
											_t2560[0xe] = _t1557;
											_pop(_t2056);
											_t2560[0xe] = _t2560[0xe] >> 8;
											_t2560[0xf] = _t1557 & 0x000000ff;
											_t2560[0x110] = _t2056;
											_t1559 =  *0x46f54c; // 0x26b
											_t2560[5] = _t1559;
											_t2560[5] = _t2560[5] - 1;
											_t2560[6] = _t2056;
											__eflags = _t2560[5] - _t2056;
											_t2560[0xf] = _t2560[0xf] ^ (0 | _t2560[5] == _t2056);
										}
										goto L374;
									} else {
										goto L377;
									}
									do {
										L377:
										_t2057 = _t2560[0x313];
										_t1561 =  *(_t2057 + _t2328 * 4) & 0x000000ff;
										 *(_t2057 +  *(_t2560 + 0x444 + _t1561 * 4) * 4) =  *(_t2057 +  *(_t2560 + 0x444 + _t1561 * 4) * 4) | _t2328 << 0x00000008;
										 *(_t2560 + 0x444 + _t1561 * 4) =  *(_t2560 + 0x444 + _t1561 * 4) + 1;
										_t2328 = _t2328 + 1;
										__eflags = _t2328 - _v16;
									} while (_t2328 < _v16);
									_v8 = _t2328;
									goto L379;
								}
								_t1563 =  &(_t2560[0x212]);
								_t2059 = 0x101;
								do {
									 *_t1563 =  *(_t1563 - 0x404);
									_t1563 =  &(_t1563[1]);
									_t2059 = _t2059 - 1;
									__eflags = _t2059;
								} while (_t2059 != 0);
								_t2332 = 0;
								__eflags = _v16;
								if(_v16 <= 0) {
									L363:
									_t1564 = _t2560[0xd];
									_v8 = _t1564;
									_t1833 = (( *(_t2560[0x315] + (_t1564 >> 1)) & 0x000000ff) >> (_t1564 & 0x00000001) << 0x00000002 & 0x0000000f) << 0x00000010 |  *(_t2560[0x314] + _t1564 * 2) & 0x0000ffff;
									while(1) {
										_t2495 = _t1833 >> 1;
										_t2334 = _t2560[0x314] + _t1833 * 2;
										_t2067 = _t1833 & 0x00000001;
										_a4 = _t2067;
										_t1572 = (( *(_t2560[0x315] + _t2495) & 0x000000ff) >> _t2067 << 0x00000002 & 0x0000000f) << 0x00000010 |  *_t2334 & 0x0000ffff;
										__eflags = _a4;
										 *_t2334 = _v8;
										_t2071 = _t2560[0x315];
										if(_a4 != 0) {
											_t2338 = ( *(_t2495 + _t2071) ^ _v8 >> 0x0000000c) & 0x0000000f ^ _v8 >> 0x0000000c;
											__eflags = _t2338;
											 *(_t2495 + _t2071) = _t2338;
										} else {
											 *(_t2495 + _t2071) = _v8 >> 0x00000010 |  *(_t2495 + _t2071) & 0x000000f0;
										}
										__eflags = _t1833 - _t2560[0xd];
										_v8 = _t1833;
										_v20 = _t1572;
										if(_t1833 == _t2560[0xd]) {
											break;
										}
										_t1833 = _v20;
									}
									_t2074 = _t2560[0xd];
									__eflags = _t2560[4];
									_t2560[0xe] = _t2560[0xd];
									_t2560[0x110] = 0;
									if(_t2560[4] == 0) {
										_t2560[0xf] = E004365FF(_t2074,  &(_t2560[0x111]));
										_t1575 = _t2560[0xe];
										_t2560[0x110] =  &(_t2560[0x110][0]);
										_t2560[0xe] = (( *(_t2560[0x315] + (_t2560[0xe] >> 1)) & 0x000000ff) >> (_t2560[0xe] & 0x00000001) << 0x00000002 & 0x0000000f) << 0x00000010 |  *(_t2560[0x314] + _t1575 * 2) & 0x0000ffff;
									} else {
										_t2560[5] = 0;
										_t2560[6] = 0;
										_t1578 = E004365FF(_t2074,  &(_t2560[0x111]));
										_t2345 = _t2560[0xe];
										_t2560[0xf] = _t1578;
										_t2560[0x110] = _t2560[0x110] + 1;
										__eflags = _t2560[5];
										_t2560[0xe] = (( *(_t2560[0x315] + (_t2560[0xe] >> 1)) & 0x000000ff) >> (_t2560[0xe] & 0x00000001) << 0x00000002 & 0x0000000f) << 0x00000010 |  *(_t2560[0x314] + _t2345 * 2) & 0x0000ffff;
										if(_t2560[5] == 0) {
											_t2091 = _t2560[6];
											_t2092 = _t2091 + 1;
											__eflags = _t2092 - 0x200;
											_t2560[5] = 0x46f54c[_t2091];
											_t2560[6] = _t2092;
											if(_t2092 == 0x200) {
												_t2560[6] = 0;
											}
										}
										_t2560[5] = _t2560[5] - 1;
										__eflags = _t2560[5] - 1;
										_t2348 = (0 | _t2560[5] == 0x00000001) ^ _t1578;
										__eflags = _t2348;
										_t2560[0xf] = _t2348;
									}
									goto L374;
								} else {
									goto L359;
								}
								do {
									L359:
									_t1579 = _t2560[0x314];
									__eflags = _t2332 & 0x00000001;
									_t1580 =  *(_t1579 + _t2332 * 2) & 0x000000ff;
									_t1581 = _t2560 + 0x848 + _t1580 * 4;
									 *(_t1579 + _t2332 * 2) =  *(_t2560 + 0x848 + _t1580 * 4);
									_t2097 = _t2332;
									if((_t2332 & 0x00000001) != 0) {
										_t2501 = _t2560[0x315] + (_t2097 >> 1);
										_t1843 = ( *_t2501 ^  *_t1581 >> 0x0000000c) & 0x0000000f ^  *_t1581 >> 0x0000000c;
										__eflags = _t1843;
										 *_t2501 = _t1843;
									} else {
										 *(_t2560[0x315] + (_t2097 >> 1)) =  *_t1581 >> 0x00000010 |  *(_t2560[0x315] + (_t2097 >> 1)) & 0x000000f0;
									}
									 *_t1581 =  *_t1581 + 1;
									_t2332 = _t2332 + 1;
									__eflags = _t2332 - _v16;
								} while (_t2332 < _v16);
								goto L363;
							}
							__eflags = _t2325;
							if(_t2325 == 0) {
								L306:
								_t905 =  &_v12;
								 *_t905 = _v12 | 0xffffffff;
								__eflags =  *_t905;
								_v72 = 1;
								L307:
								__eflags = _t2325;
								if(_t2325 != 0) {
									__eflags = _t2325 - 1;
									if(_t2325 == 1) {
										_v12 = _v12 + _v72 * 2;
									}
									L311:
									__eflags = _v28;
									_v72 = _v72 + _v72;
									if(_v28 != 0) {
										L315:
										_t1846 = _v76;
										_t936 =  &_v28;
										 *_t936 = _v28 - 1;
										__eflags =  *_t936;
										_v36 = _t1846;
										goto L316;
									}
									_t1646 = _v68 + 1;
									__eflags = _t1646 - _v48;
									_v68 = _t1646;
									if(_t1646 < _v48) {
										_t1647 =  *(_t1646 +  &(_t2560[0x7af])) & 0x000000ff;
										_v92 = _t1647;
										_v28 = 0x32;
										_t1649 = _t2560 + _t1647 * 0x408;
										_v76 =  *((intOrPtr*)(_t2560 + 0xf9fc + _t1647 * 4));
										_v52 = _t1649 + 0xb16c;
										_t1650 = _t1649 + 0xc99c;
										__eflags = _t1650;
										_v60 = _t1649 + 0xe1cc;
										_v56 = _t1650;
										goto L315;
									}
									L313:
									_push(0xfffffff4);
									goto L444;
								}
								L308:
								_v12 = _v12 + _v72;
								goto L311;
							}
							__eflags = _t2325 - 1;
							if(_t2325 == 1) {
								goto L306;
							}
							__eflags = _v16 - _v80;
							if(_v16 < _v80) {
								_t2116 = _t2325 - 1;
								__eflags = _t2116 - 0x10;
								if(_t2116 >= 0x10) {
									_t1597 = _t2116 >> 4;
									_t1847 =  *((intOrPtr*)(_t2560 + 0x1e7c + _t1597 * 4));
									_t2362 = _t2560 + 0x1e7c + _t1597 * 4;
									_t2510 = (_t2116 & 0x0000000f) + _t1847;
									__eflags = _t2510 - _t1847;
									_a7 =  *((intOrPtr*)(_t2510 +  &(_t2560[0x39f])));
									if(_t2510 <= _t1847) {
										L285:
										 *_t2362 =  *_t2362 + 1;
										__eflags = _t1597;
										if(_t1597 <= 0) {
											L288:
											_t2560[0x79f] = _t2560[0x79f] - 1;
											 *(_t2560[0x79f] +  &(_t2560[0x39f])) = _a7;
											__eflags = _t2560[0x79f];
											if(_t2560[0x79f] != 0) {
												L293:
												_t1599 = _a7 & 0x000000ff;
												_t1600 =  &(_t2560[0x35f]) + _t1599;
												 *((intOrPtr*)(_t2560 + 0x40 + ( *( &(_t2560[0x35f]) + _t1599) & 0x000000ff) * 4)) =  *((intOrPtr*)(_t2560 + 0x40 + ( *( &(_t2560[0x35f]) + _t1599) & 0x000000ff) * 4)) + 1;
												__eflags = _t2560[0xa];
												if(_t2560[0xa] == 0) {
													 *(_t2560[0x313] + _v16 * 4) =  *_t1600 & 0x000000ff;
												} else {
													 *(_t2560[0x314] + _v16 * 2) =  *_t1600 & 0x000000ff;
												}
												_v16 = _v16 + 1;
												__eflags = _v28;
												if(_v28 != 0) {
													L299:
													_t884 =  &_v28;
													 *_t884 = _v28 - 1;
													__eflags =  *_t884;
													_v36 = _v76;
													goto L300;
												} else {
													_t1620 = _v68 + 1;
													__eflags = _t1620 - _v48;
													_v68 = _t1620;
													if(_t1620 >= _v48) {
														goto L313;
													}
													_t1621 =  *(_t1620 +  &(_t2560[0x7af])) & 0x000000ff;
													_v92 = _t1621;
													_v28 = 0x32;
													_t1623 = _t2560 + _t1621 * 0x408;
													_v76 =  *(_t2560 + 0xf9fc + _t1621 * 4);
													_v52 = _t1623 + 0xb16c;
													_t1624 = _t1623 + 0xc99c;
													__eflags = _t1624;
													_v60 = _t1623 + 0xe1cc;
													_v56 = _t1624;
													goto L299;
												}
											}
											_push(0x10);
											_t2140 = 0xfff;
											_t1626 =  &(_t2560[0x7ae]);
											_pop(_t2378);
											do {
												_push(0xf);
												_pop(_t2533);
												do {
													_t1855 =  *_t1626 + _t2533;
													_t2140 = _t2140 - 1;
													_t2533 = _t2533 - 1;
													__eflags = _t2533;
													 *((char*)(_t2140 +  &(_t2560[0x39f]))) =  *((intOrPtr*)(_t1855 +  &(_t2560[0x39f])));
												} while (_t2533 >= 0);
												_t840 = _t2140 + 1; // 0xfff
												 *_t1626 = _t840;
												_t1626 = _t1626 - 4;
												_t2378 = _t2378 - 1;
												__eflags = _t2378;
											} while (_t2378 != 0);
											goto L293;
										}
										_t2535 = _t1597;
										do {
											 *_t2362 =  *_t2362 - 1;
											_t2141 =  *_t2362;
											_t1627 =  *((intOrPtr*)(_t2362 - 4));
											_t2362 = _t2362 + 0xfffffffc;
											_t2535 = _t2535 - 1;
											__eflags = _t2535;
											 *((char*)(_t2141 +  &(_t2560[0x39f]))) =  *((intOrPtr*)(_t1627 +  &(_t2560[0x3a2])));
										} while (_t2535 != 0);
										goto L288;
									} else {
										goto L284;
									}
									do {
										L284:
										 *((char*)(_t2510 +  &(_t2560[0x39f]))) =  *((intOrPtr*)(_t2510 +  &(_t2560[0x39e])));
										_t2510 = _t2510 - 1;
										__eflags = _t2510 -  *_t2362;
									} while (_t2510 >  *_t2362);
									goto L285;
								}
								_t2514 = _t2560[0x79f];
								__eflags = _t2116 - 3;
								_v124 = _t2514;
								_t1629 = _t2514 + _t2116;
								_a7 =  *((intOrPtr*)(_t1629 +  &(_t2560[0x39f])));
								if(_t2116 <= 3) {
									L279:
									__eflags = _t2116;
									if(_t2116 <= 0) {
										L282:
										 *((char*)( &(_t2560[0x39f]) + _t2514)) = _a7;
										goto L293;
									}
									_t1631 =  &(_t2560[0x39f]) + _t2514;
									do {
										 *((char*)(_t2116 + _t1631)) =  *((intOrPtr*)(_t2116 + _t1631 - 1));
										_t2116 = _t2116 - 1;
										__eflags = _t2116;
									} while (_t2116 != 0);
									goto L282;
								}
								_t2381 =  &(_t2560[0x39e]);
								_t1632 = _t1629 + _t2381;
								_v108 = _t2560 - _t2381 + 0xe7c;
								_v112 = _t2560 - _t2381 + 0xe7a;
								_v116 = _t2560 - _t2381 + 0xe78;
								_v104 = _t2560 - _t2381 + 0xe79;
								_t2530 = _t2116 >> 2;
								__eflags = _t2530;
								do {
									_t2116 = _t2116 - 4;
									 *((char*)(_v108 + _t1632)) =  *_t1632;
									_t2384 = _v112 + _t1632;
									 *_t1632 =  *_t2384;
									 *_t2384 =  *((intOrPtr*)(_v104 + _t1632));
									 *((char*)(_v104 + _t1632)) =  *((intOrPtr*)(_v116 + _t1632));
									_t1632 = _t1632 - 4;
									_t2530 = _t2530 - 1;
									__eflags = _t2530;
								} while (_t2530 != 0);
								_t2514 = _v124;
								goto L279;
							}
							_push(0xffffffe1);
							goto L444;
						}
						_t1848 = _t1848 + 1;
						_v36 = _t1848;
						goto L255;
					case 0x20:
						L384:
						_t2560[1] = 0x2a;
						while(1) {
							_t1960 = _t2560[8];
							__eflags = _t1960 - 8;
							if(_t1960 >= 8) {
								break;
							}
							_t1461 =  *_t2560;
							__eflags = _t1461[1];
							if(_t1461[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1461) & 0x000000ff;
							_t2560[8] = _t1960 + 8;
							 *_t1461 =  &(( *_t1461)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1464 =  *_t2560;
							__eflags = _t1464[2];
							if(_t1464[2] == 0) {
								_t1464[3] =  &(_t1464[3][1]);
							}
						}
						_t2211 = _t2560[8];
						_t2560[8] = _t2211 + 0xfffffff8;
						__eflags = (_t2560[7] >> _t2211 - 0x00000008 & 0x000000ff) - 0x72;
						if((_t2560[7] >> _t2211 - 0x00000008 & 0x000000ff) == 0x72) {
							goto L391;
						}
						_push(0xffffffdf);
						goto L444;
					case 0x21:
						L391:
						_t2560[1] = 0x2b;
						while(1) {
							_t1962 = _t2560[8];
							__eflags = _t1962 - 8;
							if(_t1962 >= 8) {
								break;
							}
							_t1457 =  *_t2560;
							__eflags = _t1457[1];
							if(_t1457[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1457) & 0x000000ff;
							_t2560[8] = _t1962 + 8;
							 *_t1457 =  &(( *_t1457)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1460 =  *_t2560;
							__eflags = _t1460[2];
							if(_t1460[2] == 0) {
								_t1460[3] =  &(_t1460[3][1]);
							}
						}
						_t2213 = _t2560[8];
						_t2560[8] = _t2213 + 0xfffffff8;
						__eflags = (_t2560[7] >> _t2213 - 0x00000008 & 0x000000ff) - 0x45;
						if((_t2560[7] >> _t2213 - 0x00000008 & 0x000000ff) == 0x45) {
							goto L398;
						}
						_push(0xffffffde);
						goto L444;
					case 0x22:
						L398:
						_t2560[1] = 0x2c;
						while(1) {
							_t1964 = _t2560[8];
							__eflags = _t1964 - 8;
							if(_t1964 >= 8) {
								break;
							}
							_t1453 =  *_t2560;
							__eflags = _t1453[1];
							if(_t1453[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1453) & 0x000000ff;
							_t2560[8] = _t1964 + 8;
							 *_t1453 =  &(( *_t1453)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1456 =  *_t2560;
							__eflags = _t1456[2];
							if(_t1456[2] == 0) {
								_t1456[3] =  &(_t1456[3][1]);
							}
						}
						_t2215 = _t2560[8];
						_t2560[8] = _t2215 + 0xfffffff8;
						__eflags = (_t2560[7] >> _t2215 - 0x00000008 & 0x000000ff) - 0x38;
						if((_t2560[7] >> _t2215 - 0x00000008 & 0x000000ff) == 0x38) {
							goto L405;
						}
						_push(0xffffffdd);
						goto L444;
					case 0x23:
						L405:
						_t2560[1] = 0x2d;
						while(1) {
							_t1966 = _t2560[8];
							__eflags = _t1966 - 8;
							if(_t1966 >= 8) {
								break;
							}
							_t1449 =  *_t2560;
							__eflags = _t1449[1];
							if(_t1449[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1449) & 0x000000ff;
							_t2560[8] = _t1966 + 8;
							 *_t1449 =  &(( *_t1449)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1452 =  *_t2560;
							__eflags = _t1452[2];
							if(_t1452[2] == 0) {
								_t1452[3] =  &(_t1452[3][1]);
							}
						}
						_t2217 = _t2560[8];
						_t2560[8] = _t2217 + 0xfffffff8;
						__eflags = (_t2560[7] >> _t2217 - 0x00000008 & 0x000000ff) - 0x50;
						if((_t2560[7] >> _t2217 - 0x00000008 & 0x000000ff) == 0x50) {
							goto L412;
						}
						_push(0xffffffdc);
						goto L444;
					case 0x24:
						L412:
						_t2560[1] = 0x2e;
						while(1) {
							_t1968 = _t2560[8];
							__eflags = _t1968 - 8;
							if(_t1968 >= 8) {
								break;
							}
							_t1445 =  *_t2560;
							__eflags = _t1445[1];
							if(_t1445[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1445) & 0x000000ff;
							_t2560[8] = _t1968 + 8;
							 *_t1445 =  &(( *_t1445)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1448 =  *_t2560;
							__eflags = _t1448[2];
							if(_t1448[2] == 0) {
								_t1448[3] =  &(_t1448[3][1]);
							}
						}
						_t2219 = _t2560[8];
						_t2560[8] = _t2219 + 0xfffffff8;
						__eflags = (_t2560[7] >> _t2219 - 0x00000008 & 0x000000ff) - 0x90;
						if((_t2560[7] >> _t2219 - 0x00000008 & 0x000000ff) == 0x90) {
							_t1256 =  &(_t2560[0x317]);
							 *_t1256 = _t2560[0x317] & 0x00000000;
							__eflags =  *_t1256;
							goto L420;
						}
						_push(0xffffffdb);
						goto L444;
					case 0x25:
						L420:
						_t2560[1] = 0x2f;
						while(1) {
							_t1970 = _t2560[8];
							__eflags = _t1970 - 8;
							if(_t1970 >= 8) {
								break;
							}
							_t1441 =  *_t2560;
							__eflags = _t1441[1];
							if(_t1441[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1441) & 0x000000ff;
							_t2560[8] = _t1970 + 8;
							 *_t1441 =  &(( *_t1441)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1444 =  *_t2560;
							__eflags = _t1444[2];
							if(_t1444[2] == 0) {
								_t1444[3] =  &(_t1444[3][1]);
							}
						}
						_t2221 = _t2560[8];
						_t1972 =  &(_t2560[0x317]);
						_t2560[8] = _t2221 + 0xfffffff8;
						_t2225 =  *_t1972 << 0x00000008 | _t2560[7] >> _t2221 - 0x00000008 & 0xff;
						__eflags = _t2225;
						 *_t1972 = _t2225;
						goto L426;
					case 0x26:
						L426:
						_t2560[1] = 0x30;
						while(1) {
							_t1973 = _t2560[8];
							__eflags = _t1973 - 8;
							if(_t1973 >= 8) {
								break;
							}
							_t1437 =  *_t2560;
							__eflags = _t1437[1];
							if(_t1437[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1437) & 0x000000ff;
							_t2560[8] = _t1973 + 8;
							 *_t1437 =  &(( *_t1437)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1440 =  *_t2560;
							__eflags = _t1440[2];
							if(_t1440[2] == 0) {
								_t1440[3] =  &(_t1440[3][1]);
							}
						}
						_t2226 = _t2560[8];
						_t1975 =  &(_t2560[0x317]);
						_t2560[8] = _t2226 + 0xfffffff8;
						_t2230 =  *_t1975 << 0x00000008 | _t2560[7] >> _t2226 - 0x00000008 & 0xff;
						__eflags = _t2230;
						 *_t1975 = _t2230;
						goto L432;
					case 0x27:
						L432:
						_t2560[1] = 0x31;
						while(1) {
							_t1976 = _t2560[8];
							__eflags = _t1976 - 8;
							if(_t1976 >= 8) {
								break;
							}
							_t1433 =  *_t2560;
							__eflags = _t1433[1];
							if(_t1433[1] == 0) {
								goto L374;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1433) & 0x000000ff;
							_t2560[8] = _t1976 + 8;
							 *_t1433 =  &(( *_t1433)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1436 =  *_t2560;
							__eflags = _t1436[2];
							if(_t1436[2] == 0) {
								_t1436[3] =  &(_t1436[3][1]);
							}
						}
						_t2231 = _t2560[8];
						_t1978 =  &(_t2560[0x317]);
						_t2560[8] = _t2231 + 0xfffffff8;
						_t2235 =  *_t1978 << 0x00000008 | _t2560[7] >> _t2231 - 0x00000008 & 0xff;
						__eflags = _t2235;
						 *_t1978 = _t2235;
						goto L438;
					case 0x28:
						L438:
						_t2560[1] = 0x32;
						while(1) {
							_t1979 = _t2560[8];
							__eflags = _t1979 - 8;
							if(_t1979 >= 8) {
								break;
							}
							_t1429 =  *_t2560;
							__eflags = _t1429[1];
							if(_t1429[1] == 0) {
								L374:
								_t1379 = 0;
								goto L445;
							}
							_t2560[7] = _t2560[7] << 0x00000008 |  *( *_t1429) & 0x000000ff;
							_t2560[8] = _t1979 + 8;
							 *_t1429 =  &(( *_t1429)[1]);
							( *_t2560)[1] = ( *_t2560)[1] - 1;
							( *_t2560)[2] =  &(( *_t2560)[2][1]);
							_t1432 =  *_t2560;
							__eflags = _t1432[2];
							if(_t1432[2] == 0) {
								_t1432[3] =  &(_t1432[3][1]);
							}
						}
						_t2236 = _t2560[8];
						_t2560[1] = 1;
						_push(4);
						_t1981 =  &(_t2560[0x317]);
						_t2560[8] = _t2236 + 0xfffffff8;
						_t2240 =  *_t1981 << 0x00000008 | _t2560[7] >> _t2236 - 0x00000008 & 0xff;
						__eflags = _t2240;
						 *_t1981 = _t2240;
						L444:
						_pop(_t1379);
						goto L445;
				}
			}




































                    0x00437222
                    0x00437225
                    0x00437228
                    0x0043722f
                    0x00437235
                    0x0043723b
                    0x00437241
                    0x00437247
                    0x0043724d
                    0x00437253
                    0x00437259
                    0x0043725f
                    0x00437265
                    0x0043726b
                    0x00437271
                    0x00437277
                    0x0043727d
                    0x00437283
                    0x00437289
                    0x0043728f
                    0x00437295
                    0x0043729b
                    0x004372a1
                    0x004372a7
                    0x004372ad
                    0x004372b3
                    0x004372b9
                    0x004372bf
                    0x004372bf
                    0x004372d1
                    0x004372da
                    0x004372e3
                    0x004372ec
                    0x004372f5
                    0x004372fe
                    0x00437307
                    0x00437310
                    0x00437319
                    0x00437322
                    0x0043732b
                    0x00437334
                    0x0043733d
                    0x00437346
                    0x0043734f
                    0x00437358
                    0x00437361
                    0x0043736a
                    0x00437373
                    0x0043737c
                    0x00437385
                    0x0043738e
                    0x00437397
                    0x0043739d
                    0x004373a0
                    0x004373a6
                    0x00438f5c
                    0x00438f60
                    0x00438f69
                    0x00438f72
                    0x00438f7b
                    0x00438f84
                    0x00438f8d
                    0x00438f96
                    0x00438f9f
                    0x00438fa8
                    0x00438fb1
                    0x00438fba
                    0x00438fc3
                    0x00438fcc
                    0x00438fd5
                    0x00438fde
                    0x00438fe7
                    0x00438ff0
                    0x00438ff9
                    0x00439002
                    0x0043900b
                    0x00439014
                    0x0043901d
                    0x00439026
                    0x0043902f
                    0x00439038
                    0x00439038
                    0x004373b1
                    0x00000000
                    0x004373b8
                    0x004373bf
                    0x004373bf
                    0x004373c5
                    0x00000000
                    0x00000000
                    0x004373c7
                    0x004373cd
                    0x00000000
                    0x004373d3
                    0x004373e3
                    0x004373e6
                    0x004373e9
                    0x004373ed
                    0x004373f2
                    0x004373f5
                    0x004373fb
                    0x004373fd
                    0x004373fd
                    0x00000000
                    0x004373fb
                    0x004373cd
                    0x00437402
                    0x00437410
                    0x00437415
                    0x00437417
                    0x00000000
                    0x00437419
                    0x00437419
                    0x00000000
                    0x00437419
                    0x00000000
                    0x00437420
                    0x00437420
                    0x00437427
                    0x00437427
                    0x0043742a
                    0x0043742d
                    0x00000000
                    0x00000000
                    0x0043742f
                    0x00437431
                    0x00437435
                    0x00000000
                    0x0043743b
                    0x0043744b
                    0x0043744e
                    0x00437451
                    0x00437455
                    0x0043745a
                    0x0043745d
                    0x0043745f
                    0x00437463
                    0x00437465
                    0x00437465
                    0x00000000
                    0x00437463
                    0x00437435
                    0x0043746a
                    0x00437478
                    0x0043747d
                    0x0043747f
                    0x00000000
                    0x00437481
                    0x00437481
                    0x00000000
                    0x00437481
                    0x00000000
                    0x00437488
                    0x00437488
                    0x0043748f
                    0x0043748f
                    0x00437492
                    0x00437495
                    0x00000000
                    0x00000000
                    0x00437497
                    0x00437499
                    0x0043749d
                    0x00000000
                    0x004374a3
                    0x004374b3
                    0x004374b6
                    0x004374b9
                    0x004374bd
                    0x004374c2
                    0x004374c5
                    0x004374c7
                    0x004374cb
                    0x004374cd
                    0x004374cd
                    0x00000000
                    0x004374cb
                    0x0043749d
                    0x004374d2
                    0x004374e0
                    0x004374e5
                    0x004374e7
                    0x00000000
                    0x004374e9
                    0x004374e9
                    0x00000000
                    0x004374e9
                    0x00000000
                    0x004374f0
                    0x004374f0
                    0x004374f7
                    0x004374f7
                    0x004374fa
                    0x004374fd
                    0x00000000
                    0x00000000
                    0x004374ff
                    0x00437501
                    0x00437505
                    0x00000000
                    0x0043750b
                    0x0043751b
                    0x0043751e
                    0x00437521
                    0x00437525
                    0x0043752a
                    0x0043752d
                    0x0043752f
                    0x00437533
                    0x00437535
                    0x00437535
                    0x00000000
                    0x00437533
                    0x00437505
                    0x0043753a
                    0x00437548
                    0x0043754b
                    0x0043754d
                    0x00437550
                    0x00437553
                    0x004375bb
                    0x004375bb
                    0x00000000
                    0x004375bb
                    0x00437555
                    0x00437558
                    0x00000000
                    0x00000000
                    0x0043755a
                    0x0043755d
                    0x00437561
                    0x00437564
                    0x0043759d
                    0x004375a4
                    0x004375aa
                    0x004375b0
                    0x004375b0
                    0x004375b2
                    0x00000000
                    0x00000000
                    0x004375b4
                    0x004375b4
                    0x00000000
                    0x004375b4
                    0x00437572
                    0x00437585
                    0x0043758a
                    0x00437593
                    0x00437599
                    0x00000000
                    0x0043759b
                    0x00000000
                    0x0043759b
                    0x00000000
                    0x004375c2
                    0x004375c2
                    0x004375c9
                    0x004375c9
                    0x004375cc
                    0x004375cf
                    0x00000000
                    0x00000000
                    0x004375d1
                    0x004375d3
                    0x004375d7
                    0x00000000
                    0x004375dd
                    0x004375ed
                    0x004375f0
                    0x004375f3
                    0x004375f7
                    0x004375fc
                    0x004375ff
                    0x00437601
                    0x00437605
                    0x00437607
                    0x00437607
                    0x00000000
                    0x00437605
                    0x004375d7
                    0x0043760c
                    0x0043761a
                    0x0043761d
                    0x0043761f
                    0x00437621
                    0x00000000
                    0x00000000
                    0x00437627
                    0x00437629
                    0x00000000
                    0x0043762b
                    0x0043762b
                    0x00000000
                    0x0043762b
                    0x00000000
                    0x00437632
                    0x00437632
                    0x00437639
                    0x00437639
                    0x0043763c
                    0x0043763f
                    0x00000000
                    0x00000000
                    0x00437641
                    0x00437643
                    0x00437647
                    0x00000000
                    0x0043764d
                    0x0043765d
                    0x00437660
                    0x00437663
                    0x00437667
                    0x0043766c
                    0x0043766f
                    0x00437671
                    0x00437675
                    0x00437677
                    0x00437677
                    0x00000000
                    0x00437675
                    0x00437647
                    0x0043767c
                    0x0043768a
                    0x0043768f
                    0x00437691
                    0x00000000
                    0x00437693
                    0x00437693
                    0x00000000
                    0x00437693
                    0x00000000
                    0x0043769a
                    0x0043769a
                    0x004376a1
                    0x004376a1
                    0x004376a4
                    0x004376a7
                    0x00000000
                    0x00000000
                    0x004376a9
                    0x004376ab
                    0x004376af
                    0x00000000
                    0x004376b5
                    0x004376c5
                    0x004376c8
                    0x004376cb
                    0x004376cf
                    0x004376d4
                    0x004376d7
                    0x004376d9
                    0x004376dd
                    0x004376df
                    0x004376df
                    0x00000000
                    0x004376dd
                    0x004376af
                    0x004376e4
                    0x004376f2
                    0x004376f7
                    0x004376f9
                    0x00000000
                    0x004376fb
                    0x004376fb
                    0x00000000
                    0x004376fb
                    0x00000000
                    0x00437702
                    0x00437702
                    0x00437709
                    0x00437709
                    0x0043770c
                    0x0043770f
                    0x00000000
                    0x00000000
                    0x00437711
                    0x00437713
                    0x00437717
                    0x00000000
                    0x0043771d
                    0x0043772d
                    0x00437730
                    0x00437733
                    0x00437737
                    0x0043773c
                    0x0043773f
                    0x00437741
                    0x00437745
                    0x00437747
                    0x00437747
                    0x00000000
                    0x00437745
                    0x00437717
                    0x0043774c
                    0x0043775a
                    0x0043775f
                    0x00437761
                    0x00000000
                    0x00437763
                    0x00437763
                    0x00000000
                    0x00437763
                    0x00000000
                    0x0043776a
                    0x0043776a
                    0x00437771
                    0x00437771
                    0x00437774
                    0x00437777
                    0x00000000
                    0x00000000
                    0x00437779
                    0x0043777b
                    0x0043777f
                    0x00000000
                    0x00437785
                    0x00437795
                    0x00437798
                    0x0043779b
                    0x0043779f
                    0x004377a4
                    0x004377a7
                    0x004377a9
                    0x004377ad
                    0x004377af
                    0x004377af
                    0x00000000
                    0x004377ad
                    0x0043777f
                    0x004377b4
                    0x004377c2
                    0x004377c7
                    0x004377c9
                    0x00000000
                    0x004377cb
                    0x004377cb
                    0x00000000
                    0x004377cb
                    0x00000000
                    0x004377d2
                    0x004377d2
                    0x004377d9
                    0x004377d9
                    0x004377dc
                    0x004377df
                    0x00000000
                    0x00000000
                    0x004377e1
                    0x004377e3
                    0x004377e7
                    0x00000000
                    0x004377ed
                    0x004377fd
                    0x00437800
                    0x00437803
                    0x00437807
                    0x0043780c
                    0x0043780f
                    0x00437811
                    0x00437815
                    0x00437817
                    0x00437817
                    0x00000000
                    0x00437815
                    0x004377e7
                    0x0043781c
                    0x0043782a
                    0x0043782f
                    0x00437831
                    0x0043783a
                    0x0043783d
                    0x0043783d
                    0x0043783d
                    0x00000000
                    0x00437833
                    0x00437833
                    0x00000000
                    0x00437833
                    0x00000000
                    0x00437844
                    0x00437844
                    0x0043784b
                    0x0043784b
                    0x0043784e
                    0x00437851
                    0x00000000
                    0x00000000
                    0x00437853
                    0x00437855
                    0x00437859
                    0x00000000
                    0x0043785f
                    0x0043786f
                    0x00437872
                    0x00437875
                    0x00437879
                    0x0043787e
                    0x00437881
                    0x00437883
                    0x00437887
                    0x00437889
                    0x00437889
                    0x00000000
                    0x00437887
                    0x00437859
                    0x0043788e
                    0x0043789c
                    0x004378a2
                    0x004378af
                    0x004378af
                    0x004378b1
                    0x00000000
                    0x00000000
                    0x004378b3
                    0x004378b3
                    0x004378ba
                    0x004378ba
                    0x004378bd
                    0x004378c0
                    0x00000000
                    0x00000000
                    0x004378c2
                    0x004378c4
                    0x004378c8
                    0x00000000
                    0x00000000
                    0x004378de
                    0x004378e1
                    0x004378e4
                    0x004378e8
                    0x004378ed
                    0x004378f0
                    0x004378f2
                    0x004378f6
                    0x004378f8
                    0x004378f8
                    0x004378f6
                    0x004378fd
                    0x0043790b
                    0x00437911
                    0x0043791e
                    0x0043791e
                    0x00437920
                    0x00000000
                    0x00000000
                    0x00437922
                    0x00437922
                    0x00437929
                    0x00437929
                    0x0043792c
                    0x0043792f
                    0x00000000
                    0x00000000
                    0x00437931
                    0x00437933
                    0x00437937
                    0x00000000
                    0x00000000
                    0x0043794d
                    0x00437950
                    0x00437953
                    0x00437957
                    0x0043795c
                    0x0043795f
                    0x00437961
                    0x00437965
                    0x00437967
                    0x00437967
                    0x00437965
                    0x0043796c
                    0x0043797a
                    0x00437980
                    0x0043798d
                    0x0043798d
                    0x0043798f
                    0x00000000
                    0x00000000
                    0x00437991
                    0x00437991
                    0x00437998
                    0x00437998
                    0x0043799b
                    0x0043799e
                    0x00000000
                    0x00000000
                    0x004379a0
                    0x004379a2
                    0x004379a6
                    0x00000000
                    0x00000000
                    0x004379bc
                    0x004379bf
                    0x004379c2
                    0x004379c6
                    0x004379cb
                    0x004379ce
                    0x004379d0
                    0x004379d4
                    0x004379d6
                    0x004379d6
                    0x004379d4
                    0x004379db
                    0x004379e9
                    0x004379ef
                    0x004379fc
                    0x004379fc
                    0x004379fe
                    0x00000000
                    0x00000000
                    0x00437a00
                    0x00437a00
                    0x00437a07
                    0x00437a07
                    0x00437a0a
                    0x00437a0d
                    0x00000000
                    0x00000000
                    0x00437a0f
                    0x00437a11
                    0x00437a15
                    0x00000000
                    0x00000000
                    0x00437a2b
                    0x00437a2e
                    0x00437a31
                    0x00437a35
                    0x00437a3a
                    0x00437a3d
                    0x00437a3f
                    0x00437a43
                    0x00437a45
                    0x00437a45
                    0x00437a43
                    0x00437a4a
                    0x00437a59
                    0x00437a59
                    0x00437a59
                    0x00437a5d
                    0x00437a60
                    0x00000000
                    0x00000000
                    0x00437a63
                    0x00437a63
                    0x00437a6a
                    0x00437a6a
                    0x00437a6d
                    0x00437a70
                    0x00000000
                    0x00000000
                    0x00437a72
                    0x00437a74
                    0x00437a78
                    0x00000000
                    0x00000000
                    0x00437a8e
                    0x00437a91
                    0x00437a94
                    0x00437a98
                    0x00437a9d
                    0x00437aa0
                    0x00437aa2
                    0x00437aa6
                    0x00437aa8
                    0x00437aa8
                    0x00437aa6
                    0x00437aad
                    0x00437abe
                    0x00437ac9
                    0x00437ac9
                    0x00437acb
                    0x00000000
                    0x00000000
                    0x00437ace
                    0x00437ace
                    0x00437ad5
                    0x00437ad5
                    0x00437ad8
                    0x00437adb
                    0x00000000
                    0x00000000
                    0x00437add
                    0x00437adf
                    0x00437ae3
                    0x00000000
                    0x00000000
                    0x00437af9
                    0x00437afc
                    0x00437aff
                    0x00437b03
                    0x00437b08
                    0x00437b0b
                    0x00437b0d
                    0x00437b11
                    0x00437b13
                    0x00437b13
                    0x00437b11
                    0x00437b18
                    0x00437b29
                    0x00437b34
                    0x00437b34
                    0x00437b36
                    0x00000000
                    0x00000000
                    0x00437b39
                    0x00437b39
                    0x00437b40
                    0x00437b40
                    0x00437b43
                    0x00437b46
                    0x00000000
                    0x00000000
                    0x00437b48
                    0x00437b4a
                    0x00437b4e
                    0x00000000
                    0x00000000
                    0x00437b64
                    0x00437b67
                    0x00437b6a
                    0x00437b6e
                    0x00437b73
                    0x00437b76
                    0x00437b78
                    0x00437b7c
                    0x00437b7e
                    0x00437b7e
                    0x00437b7c
                    0x00437b83
                    0x00437b94
                    0x00437b9f
                    0x00437b9f
                    0x00437ba1
                    0x00437ba4
                    0x00437bb9
                    0x00437bbb
                    0x00437bc4
                    0x00000000
                    0x00437bc4
                    0x00437bbd
                    0x00000000
                    0x00437bbd
                    0x00437ba6
                    0x00000000
                    0x00000000
                    0x00437bca
                    0x00437bca
                    0x00437bd1
                    0x00437bd1
                    0x00437bd4
                    0x00437bd7
                    0x00000000
                    0x00000000
                    0x00437bd9
                    0x00437bdb
                    0x00437bdf
                    0x00000000
                    0x00000000
                    0x00437bf5
                    0x00437bf8
                    0x00437bfb
                    0x00437bff
                    0x00437c04
                    0x00437c07
                    0x00437c09
                    0x00437c0d
                    0x00437c0f
                    0x00437c0f
                    0x00437c0d
                    0x00437c14
                    0x00437c23
                    0x00437c25
                    0x00437c28
                    0x00437c2b
                    0x00437c37
                    0x00437c37
                    0x00437c37
                    0x00437c2d
                    0x00437c2d
                    0x00437c2d
                    0x00437c3f
                    0x00437c3f
                    0x00437c3f
                    0x00437c42
                    0x00437c42
                    0x00437c46
                    0x00000000
                    0x00000000
                    0x00437c48
                    0x00437c50
                    0x00437c53
                    0x00437c56
                    0x00000000
                    0x00000000
                    0x00437c5a
                    0x00437c5a
                    0x00437c61
                    0x00437c61
                    0x00437c64
                    0x00437c67
                    0x00000000
                    0x00000000
                    0x00437c69
                    0x00437c6b
                    0x00437c6f
                    0x00000000
                    0x00000000
                    0x00437c85
                    0x00437c88
                    0x00437c8b
                    0x00437c8f
                    0x00437c94
                    0x00437c97
                    0x00437c99
                    0x00437c9d
                    0x00437c9f
                    0x00437c9f
                    0x00437c9d
                    0x00437ca4
                    0x00437cb3
                    0x00437cb5
                    0x00437cb8
                    0x00437cc0
                    0x00437cc0
                    0x00437cc3
                    0x00437cc3
                    0x00437ccb
                    0x00437ccb
                    0x00437ccb
                    0x00437cce
                    0x00437cce
                    0x00437cd2
                    0x00000000
                    0x00000000
                    0x00437cd4
                    0x00437cd4
                    0x00437cd4
                    0x00437cd4
                    0x00437cd7
                    0x00437cd7
                    0x00437cda
                    0x00437cdd
                    0x00437cf0
                    0x00437cf5
                    0x00437cfc
                    0x00437cfe
                    0x00437d07
                    0x00437d07
                    0x00437d0a
                    0x00000000
                    0x00437d0a
                    0x00437d00
                    0x00000000
                    0x00437d00
                    0x00437cdf
                    0x00437ce7
                    0x00000000
                    0x00000000
                    0x00437ce9
                    0x00000000
                    0x00000000
                    0x00437d0d
                    0x00437d0d
                    0x00437d14
                    0x00437d14
                    0x00437d17
                    0x00437d1a
                    0x00000000
                    0x00000000
                    0x00437d1c
                    0x00437d1e
                    0x00437d22
                    0x00000000
                    0x00000000
                    0x00437d38
                    0x00437d3b
                    0x00437d3e
                    0x00437d42
                    0x00437d47
                    0x00437d4a
                    0x00437d4c
                    0x00437d50
                    0x00437d52
                    0x00437d52
                    0x00437d50
                    0x00437d57
                    0x00437d65
                    0x00437d68
                    0x00437d6b
                    0x00437d6e
                    0x00437d71
                    0x00437d78
                    0x00437d78
                    0x00000000
                    0x00437d78
                    0x00437d73
                    0x00437d76
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00437d7f
                    0x00437d7f
                    0x00437d86
                    0x00437d86
                    0x00437d88
                    0x00437d88
                    0x00437d8b
                    0x00437d8e
                    0x00000000
                    0x00000000
                    0x00437d90
                    0x00437d92
                    0x00437d95
                    0x00000000
                    0x00000000
                    0x00437dab
                    0x00437dae
                    0x00437db1
                    0x00437db5
                    0x00437dba
                    0x00437dbd
                    0x00437dbf
                    0x00437dc2
                    0x00437dc4
                    0x00437dc4
                    0x00437dc2
                    0x00437dc9
                    0x00437dd7
                    0x00437dda
                    0x00437ddf
                    0x00437de2
                    0x00437de5
                    0x00437dee
                    0x00000000
                    0x00437dee
                    0x00437de7
                    0x00000000
                    0x00000000
                    0x00437df6
                    0x00437df6
                    0x00437dfd
                    0x00437dfd
                    0x00437e00
                    0x00437e03
                    0x00000000
                    0x00000000
                    0x00437e05
                    0x00437e07
                    0x00437e0b
                    0x00000000
                    0x00000000
                    0x00437e21
                    0x00437e24
                    0x00437e27
                    0x00437e2b
                    0x00437e30
                    0x00437e33
                    0x00437e35
                    0x00437e39
                    0x00437e3b
                    0x00437e3b
                    0x00437e39
                    0x00437e40
                    0x00437e4f
                    0x00437e51
                    0x00437e54
                    0x00437e6e
                    0x00437e71
                    0x00437e71
                    0x00437e73
                    0x00437e7a
                    0x00437e7a
                    0x00437e7d
                    0x00437e80
                    0x00437e8a
                    0x00437e8c
                    0x00437e8f
                    0x00437ea1
                    0x00437ea1
                    0x00437ea3
                    0x00437ea5
                    0x00437ea8
                    0x00437ee3
                    0x00437ee3
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00437eaa
                    0x00437eaa
                    0x00437eaa
                    0x00437eb1
                    0x00437eb4
                    0x00437eb8
                    0x00437ebc
                    0x00437ebe
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00437ec0
                    0x00437ec0
                    0x00437ec6
                    0x00437ec8
                    0x00437ec8
                    0x00437ec9
                    0x00437ec9
                    0x00437ecd
                    0x00437ecd
                    0x00437ed0
                    0x00437ed3
                    0x00437eda
                    0x00437edb
                    0x00437ede
                    0x00437ede
                    0x00000000
                    0x00437eaa
                    0x00437e91
                    0x00437e91
                    0x00437e93
                    0x00437e93
                    0x00437e97
                    0x00437e99
                    0x00437e9c
                    0x00437e9c
                    0x00000000
                    0x00437e93
                    0x00437e82
                    0x00000000
                    0x00437e82
                    0x00437e56
                    0x00437e5c
                    0x00437e5c
                    0x00437e61
                    0x00000000
                    0x00000000
                    0x00437ffc
                    0x00437ffc
                    0x00438003
                    0x00438003
                    0x00438006
                    0x00438009
                    0x00000000
                    0x00000000
                    0x0043800b
                    0x0043800d
                    0x00438011
                    0x00000000
                    0x00000000
                    0x00438027
                    0x0043802a
                    0x0043802d
                    0x00438031
                    0x00438036
                    0x00438039
                    0x0043803b
                    0x0043803f
                    0x00438041
                    0x00438041
                    0x0043803f
                    0x0043804d
                    0x0043805b
                    0x00438061
                    0x00438065
                    0x00000000
                    0x00000000
                    0x00437f68
                    0x00437f68
                    0x00437f6f
                    0x00437f6f
                    0x00437f72
                    0x00437f75
                    0x00000000
                    0x00000000
                    0x00437f77
                    0x00437f79
                    0x00437f7d
                    0x00000000
                    0x00000000
                    0x00437f93
                    0x00437f96
                    0x00437f99
                    0x00437f9d
                    0x00437fa2
                    0x00437fa5
                    0x00437fa7
                    0x00437fab
                    0x00437fad
                    0x00437fad
                    0x00437fab
                    0x00437fb2
                    0x00437fc1
                    0x00437fc3
                    0x00437fc6
                    0x00000000
                    0x00000000
                    0x00437fdb
                    0x00437fdb
                    0x00437fdb
                    0x00437fde
                    0x00437fe5
                    0x00437fe8
                    0x00437feb
                    0x00000000
                    0x00000000
                    0x00437ff1
                    0x00437ff1
                    0x00437ff1
                    0x00437ff4
                    0x00437ff7
                    0x00437ffa
                    0x0043806d
                    0x00438071
                    0x00438075
                    0x004380ff
                    0x00438105
                    0x0043810f
                    0x0043811b
                    0x00438123
                    0x00438125
                    0x00438127
                    0x00438129
                    0x0043812c
                    0x00438131
                    0x00438132
                    0x00438138
                    0x0043813a
                    0x00438141
                    0x00438141
                    0x00438144
                    0x00438149
                    0x00438150
                    0x00438151
                    0x00438151
                    0x00438151
                    0x00438151
                    0x00438156
                    0x00438159
                    0x0043815a
                    0x0043815e
                    0x00438161
                    0x00438161
                    0x00438165
                    0x00438168
                    0x0043816b
                    0x0043816e
                    0x00000000
                    0x00000000
                    0x00438174
                    0x0043817b
                    0x0043817e
                    0x00438185
                    0x00438192
                    0x00438194
                    0x00438197
                    0x004381a0
                    0x004381a9
                    0x004381a9
                    0x004381ae
                    0x004381b1
                    0x00000000
                    0x004381b1
                    0x00438081
                    0x00438087
                    0x0043808a
                    0x0043808d
                    0x00438093
                    0x00438096
                    0x00438099
                    0x00438099
                    0x0043809b
                    0x0043809d
                    0x004380a0
                    0x004380a7
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004380a9
                    0x004380a9
                    0x004380ac
                    0x004380b0
                    0x004380b2
                    0x004380b4
                    0x004380b4
                    0x004380b6
                    0x004380b9
                    0x004380bb
                    0x004380bb
                    0x004380be
                    0x004380bf
                    0x004380bf
                    0x004380c4
                    0x004380e0
                    0x004380e8
                    0x004380ef
                    0x004380f1
                    0x004380f4
                    0x004380fa
                    0x004380fa
                    0x004380fa
                    0x004380fa
                    0x00000000
                    0x00438099
                    0x00000000
                    0x00000000
                    0x00437eec
                    0x00437eec
                    0x00437ef3
                    0x00437ef3
                    0x00437ef6
                    0x00437ef9
                    0x00000000
                    0x00000000
                    0x00437efb
                    0x00437efd
                    0x00437f01
                    0x00000000
                    0x00000000
                    0x00437f17
                    0x00437f1a
                    0x00437f1d
                    0x00437f21
                    0x00437f26
                    0x00437f29
                    0x00437f2b
                    0x00437f2f
                    0x00437f31
                    0x00437f31
                    0x00437f2f
                    0x00437f36
                    0x00437f45
                    0x00437f47
                    0x00437f4a
                    0x00437f51
                    0x00437f51
                    0x00437f51
                    0x00437f4c
                    0x00437f4c
                    0x00437f4c
                    0x00437f54
                    0x00437f54
                    0x00437f58
                    0x00438046
                    0x00438046
                    0x00000000
                    0x00438046
                    0x00437f5e
                    0x00437f62
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004381b4
                    0x004381b4
                    0x004381b7
                    0x004381be
                    0x004381be
                    0x004381c1
                    0x004381c3
                    0x00000000
                    0x00000000
                    0x004381c5
                    0x004381c7
                    0x004381cb
                    0x00000000
                    0x00000000
                    0x004381e1
                    0x004381e4
                    0x004381e7
                    0x004381eb
                    0x004381f0
                    0x004381f3
                    0x004381f5
                    0x004381f9
                    0x004381fb
                    0x004381fb
                    0x004381f9
                    0x00438206
                    0x00438208
                    0x0043820c
                    0x00438211
                    0x00438219
                    0x00000000
                    0x00000000
                    0x0043821e
                    0x0043821e
                    0x00438225
                    0x00438225
                    0x00438228
                    0x0043822b
                    0x00000000
                    0x00000000
                    0x0043822d
                    0x0043822f
                    0x00438233
                    0x00000000
                    0x00000000
                    0x00438249
                    0x0043824c
                    0x0043824f
                    0x00438253
                    0x00438258
                    0x0043825b
                    0x0043825d
                    0x00438261
                    0x00438263
                    0x00438263
                    0x00438261
                    0x00438268
                    0x00438278
                    0x0043827c
                    0x0043827c
                    0x0043827e
                    0x00438281
                    0x00438284
                    0x00438287
                    0x00438287
                    0x0043828a
                    0x00000000
                    0x00000000
                    0x00438293
                    0x00438296
                    0x00438299
                    0x004382a7
                    0x00000000
                    0x004382a7
                    0x0043829b
                    0x0043829c
                    0x00000000
                    0x00000000
                    0x00438691
                    0x00438691
                    0x00438698
                    0x00438698
                    0x0043869b
                    0x0043869d
                    0x00000000
                    0x00000000
                    0x0043869f
                    0x004386a1
                    0x004386a5
                    0x00000000
                    0x00000000
                    0x004386bb
                    0x004386be
                    0x004386c1
                    0x004386c5
                    0x004386ca
                    0x004386cd
                    0x004386cf
                    0x004386d3
                    0x004386d5
                    0x004386d5
                    0x004386d3
                    0x004386e0
                    0x004386e2
                    0x004386e6
                    0x004386eb
                    0x004386f1
                    0x004386f1
                    0x004386f3
                    0x00000000
                    0x00000000
                    0x00438711
                    0x00438711
                    0x00438718
                    0x00438718
                    0x0043871b
                    0x0043871e
                    0x00000000
                    0x00000000
                    0x00438720
                    0x00438722
                    0x00438726
                    0x00000000
                    0x00000000
                    0x0043873c
                    0x0043873f
                    0x00438742
                    0x00438746
                    0x0043874b
                    0x0043874e
                    0x00438750
                    0x00438754
                    0x00438756
                    0x00438756
                    0x00438754
                    0x0043875b
                    0x0043876b
                    0x00438771
                    0x00438774
                    0x00438777
                    0x004386f6
                    0x004386f6
                    0x004386f9
                    0x00438702
                    0x00438705
                    0x00438708
                    0x0043870b
                    0x00438782
                    0x00438782
                    0x00438785
                    0x00000000
                    0x00000000
                    0x0043878b
                    0x00438790
                    0x00000000
                    0x00000000
                    0x00438799
                    0x0043879c
                    0x0043879e
                    0x004387a1
                    0x00000000
                    0x00000000
                    0x004387a7
                    0x004387aa
                    0x00000000
                    0x00000000
                    0x004387b6
                    0x004387b9
                    0x004387c4
                    0x004387cb
                    0x004387ce
                    0x004387d2
                    0x004387d6
                    0x0043880f
                    0x00438813
                    0x00000000
                    0x00000000
                    0x00438819
                    0x0043881c
                    0x0043881c
                    0x0043881f
                    0x00000000
                    0x00000000
                    0x00438827
                    0x0043882a
                    0x0043882b
                    0x0043882e
                    0x00438831
                    0x00438835
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00438837
                    0x0043883c
                    0x00000000
                    0x0043883c
                    0x004387d8
                    0x004387da
                    0x00000000
                    0x00000000
                    0x004387e0
                    0x004387e3
                    0x004387e3
                    0x004387e6
                    0x00000000
                    0x00000000
                    0x004387f2
                    0x004387f6
                    0x004387f7
                    0x004387fa
                    0x004387fd
                    0x00438801
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00438803
                    0x00438808
                    0x00000000
                    0x00438808
                    0x0043870d
                    0x0043870d
                    0x0043870e
                    0x00000000
                    0x0043870e
                    0x00000000
                    0x00000000
                    0x00438594
                    0x00438594
                    0x00438597
                    0x0043859e
                    0x0043859e
                    0x004385a1
                    0x004385a3
                    0x00000000
                    0x00000000
                    0x004385a5
                    0x004385a7
                    0x004385ab
                    0x00000000
                    0x00000000
                    0x004385c1
                    0x004385c4
                    0x004385c7
                    0x004385cb
                    0x004385d0
                    0x004385d3
                    0x004385d5
                    0x004385d9
                    0x004385db
                    0x004385db
                    0x004385d9
                    0x004385e6
                    0x004385e8
                    0x004385ec
                    0x004385f1
                    0x004385f9
                    0x00000000
                    0x00000000
                    0x004382af
                    0x004382af
                    0x004382b0
                    0x004382b3
                    0x004382b5
                    0x004382b5
                    0x004382b5
                    0x004382b6
                    0x004382b6
                    0x004382b9
                    0x004382bc
                    0x00000000
                    0x00000000
                    0x004382be
                    0x004382c0
                    0x004382c4
                    0x00000000
                    0x00000000
                    0x004382da
                    0x004382dd
                    0x004382e0
                    0x004382e4
                    0x004382e9
                    0x004382ec
                    0x004382ee
                    0x004382f2
                    0x004382f4
                    0x004382f4
                    0x004382f2
                    0x004382f9
                    0x00438309
                    0x0043830d
                    0x0043830d
                    0x0043830f
                    0x00438312
                    0x00438315
                    0x00438318
                    0x00438318
                    0x0043831b
                    0x004386fb
                    0x004386fb
                    0x00000000
                    0x004386fb
                    0x00438321
                    0x00438324
                    0x00438329
                    0x0043832c
                    0x0043832f
                    0x0043833d
                    0x0043833d
                    0x00438340
                    0x00438340
                    0x00438b80
                    0x00438b80
                    0x00000000
                    0x00438b80
                    0x00438346
                    0x0043834b
                    0x00000000
                    0x00000000
                    0x00438354
                    0x00438357
                    0x0043835a
                    0x0043835a
                    0x0043835d
                    0x00438843
                    0x00438846
                    0x00438848
                    0x00438b79
                    0x00438b79
                    0x00000000
                    0x00438b79
                    0x0043884e
                    0x00438851
                    0x00000000
                    0x00000000
                    0x00438857
                    0x0043885b
                    0x0043885f
                    0x00438866
                    0x00438866
                    0x00438866
                    0x0043886d
                    0x00438878
                    0x0043887f
                    0x00438881
                    0x00438883
                    0x00438889
                    0x0043888b
                    0x0043888e
                    0x0043888e
                    0x0043888e
                    0x00438891
                    0x00438893
                    0x00438896
                    0x00438898
                    0x0043889b
                    0x0043889b
                    0x0043889b
                    0x0043889e
                    0x004388a2
                    0x00438ac3
                    0x00438ac5
                    0x00438ac8
                    0x00438acb
                    0x00438afa
                    0x00438afa
                    0x00438b06
                    0x00438b0c
                    0x00438b0f
                    0x00438b13
                    0x00438b16
                    0x00438b5a
                    0x00438b5d
                    0x00438b67
                    0x00438b6a
                    0x00438b71
                    0x00438b18
                    0x00438b18
                    0x00438b1b
                    0x00438b1e
                    0x00438b21
                    0x00438b23
                    0x00438b26
                    0x00438b27
                    0x00438b2e
                    0x00438b31
                    0x00438b37
                    0x00438b3e
                    0x00438b41
                    0x00438b47
                    0x00438b4a
                    0x00438b4f
                    0x00438b4f
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00438acd
                    0x00438acd
                    0x00438acd
                    0x00438ad3
                    0x00438aed
                    0x00438aef
                    0x00438af1
                    0x00438af2
                    0x00438af2
                    0x00438af7
                    0x00000000
                    0x00438af7
                    0x004388a8
                    0x004388ae
                    0x004388b3
                    0x004388b9
                    0x004388bb
                    0x004388be
                    0x004388be
                    0x004388be
                    0x004388c1
                    0x004388c3
                    0x004388c6
                    0x0043892a
                    0x0043892a
                    0x00438935
                    0x00438958
                    0x0043895f
                    0x00438967
                    0x00438969
                    0x00438978
                    0x0043897b
                    0x0043898c
                    0x00438992
                    0x00438996
                    0x00438999
                    0x0043899f
                    0x004389c5
                    0x004389c5
                    0x004389c7
                    0x004389a1
                    0x004389b1
                    0x004389b1
                    0x004389c9
                    0x004389cc
                    0x004389cf
                    0x004389d2
                    0x00000000
                    0x00000000
                    0x0043895c
                    0x0043895c
                    0x004389d4
                    0x004389d9
                    0x004389dd
                    0x004389e0
                    0x004389e6
                    0x00438a8c
                    0x00438a8f
                    0x00438ab6
                    0x00438abc
                    0x004389ec
                    0x004389f2
                    0x004389fa
                    0x004389fd
                    0x00438a02
                    0x00438a0d
                    0x00438a32
                    0x00438a38
                    0x00438a3b
                    0x00438a3e
                    0x00438a40
                    0x00438a4a
                    0x00438a4b
                    0x00438a51
                    0x00438a54
                    0x00438a57
                    0x00438a59
                    0x00438a59
                    0x00438a57
                    0x00438a5c
                    0x00438a64
                    0x00438a6a
                    0x00438a6a
                    0x00438a6c
                    0x00438a6c
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004388c8
                    0x004388c8
                    0x004388c8
                    0x004388ce
                    0x004388d4
                    0x004388e0
                    0x004388e7
                    0x004388ea
                    0x004388ec
                    0x00438910
                    0x0043891e
                    0x0043891e
                    0x00438920
                    0x004388ee
                    0x00438904
                    0x00438904
                    0x00438922
                    0x00438924
                    0x00438925
                    0x00438925
                    0x00000000
                    0x004388c8
                    0x00438363
                    0x00438365
                    0x00438601
                    0x00438601
                    0x00438601
                    0x00438601
                    0x00438605
                    0x0043860c
                    0x0043860c
                    0x0043860e
                    0x00438618
                    0x0043861b
                    0x00438626
                    0x00438626
                    0x00438629
                    0x0043862e
                    0x00438632
                    0x00438635
                    0x00438688
                    0x00438688
                    0x0043868b
                    0x0043868b
                    0x0043868b
                    0x0043868e
                    0x00000000
                    0x0043868e
                    0x0043863a
                    0x0043863b
                    0x0043863e
                    0x00438641
                    0x0043864a
                    0x00438652
                    0x00438655
                    0x00438669
                    0x0043866b
                    0x00438674
                    0x0043867d
                    0x0043867d
                    0x00438682
                    0x00438685
                    0x00000000
                    0x00438685
                    0x00438643
                    0x00438643
                    0x00000000
                    0x00438643
                    0x00438610
                    0x00438613
                    0x00000000
                    0x00438613
                    0x0043836b
                    0x0043836e
                    0x00000000
                    0x00000000
                    0x00438377
                    0x0043837a
                    0x00438383
                    0x00438386
                    0x00438389
                    0x00438445
                    0x00438448
                    0x0043844f
                    0x00438458
                    0x0043845a
                    0x00438463
                    0x00438466
                    0x0043847b
                    0x0043847b
                    0x0043847d
                    0x0043847f
                    0x0043849e
                    0x0043849e
                    0x004384b3
                    0x004384ba
                    0x004384bd
                    0x004384f1
                    0x004384f1
                    0x004384fd
                    0x00438504
                    0x00438508
                    0x00438510
                    0x00438531
                    0x00438512
                    0x0043851f
                    0x0043851f
                    0x00438534
                    0x00438537
                    0x0043853b
                    0x0043858b
                    0x0043858e
                    0x0043858e
                    0x0043858e
                    0x00438591
                    0x00000000
                    0x0043853d
                    0x00438540
                    0x00438541
                    0x00438544
                    0x00438547
                    0x00000000
                    0x00000000
                    0x0043854d
                    0x00438555
                    0x00438558
                    0x0043856c
                    0x0043856e
                    0x00438577
                    0x00438580
                    0x00438580
                    0x00438585
                    0x00438588
                    0x00000000
                    0x00438588
                    0x0043853b
                    0x004384bf
                    0x004384c1
                    0x004384c6
                    0x004384cc
                    0x004384cd
                    0x004384cd
                    0x004384cf
                    0x004384d0
                    0x004384d2
                    0x004384d4
                    0x004384d5
                    0x004384d5
                    0x004384dd
                    0x004384dd
                    0x004384e6
                    0x004384e9
                    0x004384eb
                    0x004384ee
                    0x004384ee
                    0x004384ee
                    0x00000000
                    0x004384cd
                    0x00438481
                    0x00438483
                    0x00438483
                    0x00438485
                    0x00438487
                    0x0043848a
                    0x0043848d
                    0x0043848d
                    0x00438495
                    0x00438495
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00438468
                    0x00438468
                    0x0043846f
                    0x00438476
                    0x00438477
                    0x00438477
                    0x00000000
                    0x00438468
                    0x0043838f
                    0x00438395
                    0x00438398
                    0x0043839b
                    0x004383a5
                    0x004383a8
                    0x0043841c
                    0x0043841c
                    0x0043841e
                    0x00438431
                    0x00438434
                    0x00000000
                    0x00438434
                    0x00438420
                    0x00438427
                    0x0043842b
                    0x0043842e
                    0x0043842e
                    0x0043842e
                    0x00000000
                    0x00438427
                    0x004383aa
                    0x004383b4
                    0x004383bc
                    0x004383c9
                    0x004383d6
                    0x004383e3
                    0x004383e8
                    0x004383e8
                    0x004383eb
                    0x004383f0
                    0x004383f3
                    0x004383f9
                    0x004383fd
                    0x00438405
                    0x00438410
                    0x00438413
                    0x00438416
                    0x00438416
                    0x00438416
                    0x00438419
                    0x00000000
                    0x00438419
                    0x0043837c
                    0x00000000
                    0x0043837c
                    0x00438331
                    0x00438332
                    0x00000000
                    0x00000000
                    0x00438b87
                    0x00438b87
                    0x00438b8e
                    0x00438b8e
                    0x00438b91
                    0x00438b94
                    0x00000000
                    0x00000000
                    0x00438b96
                    0x00438b98
                    0x00438b9c
                    0x00000000
                    0x00000000
                    0x00438bb2
                    0x00438bb5
                    0x00438bb8
                    0x00438bbc
                    0x00438bc1
                    0x00438bc4
                    0x00438bc6
                    0x00438bca
                    0x00438bcc
                    0x00438bcc
                    0x00438bca
                    0x00438bd1
                    0x00438bdf
                    0x00438be4
                    0x00438be6
                    0x00000000
                    0x00000000
                    0x00438be8
                    0x00000000
                    0x00000000
                    0x00438bef
                    0x00438bef
                    0x00438bf6
                    0x00438bf6
                    0x00438bf9
                    0x00438bfc
                    0x00000000
                    0x00000000
                    0x00438bfe
                    0x00438c00
                    0x00438c04
                    0x00000000
                    0x00000000
                    0x00438c1a
                    0x00438c1d
                    0x00438c20
                    0x00438c24
                    0x00438c29
                    0x00438c2c
                    0x00438c2e
                    0x00438c32
                    0x00438c34
                    0x00438c34
                    0x00438c32
                    0x00438c39
                    0x00438c47
                    0x00438c4c
                    0x00438c4e
                    0x00000000
                    0x00000000
                    0x00438c50
                    0x00000000
                    0x00000000
                    0x00438c57
                    0x00438c57
                    0x00438c5e
                    0x00438c5e
                    0x00438c61
                    0x00438c64
                    0x00000000
                    0x00000000
                    0x00438c66
                    0x00438c68
                    0x00438c6c
                    0x00000000
                    0x00000000
                    0x00438c82
                    0x00438c85
                    0x00438c88
                    0x00438c8c
                    0x00438c91
                    0x00438c94
                    0x00438c96
                    0x00438c9a
                    0x00438c9c
                    0x00438c9c
                    0x00438c9a
                    0x00438ca1
                    0x00438caf
                    0x00438cb4
                    0x00438cb6
                    0x00000000
                    0x00000000
                    0x00438cb8
                    0x00000000
                    0x00000000
                    0x00438cbf
                    0x00438cbf
                    0x00438cc6
                    0x00438cc6
                    0x00438cc9
                    0x00438ccc
                    0x00000000
                    0x00000000
                    0x00438cce
                    0x00438cd0
                    0x00438cd4
                    0x00000000
                    0x00000000
                    0x00438cea
                    0x00438ced
                    0x00438cf0
                    0x00438cf4
                    0x00438cf9
                    0x00438cfc
                    0x00438cfe
                    0x00438d02
                    0x00438d04
                    0x00438d04
                    0x00438d02
                    0x00438d09
                    0x00438d17
                    0x00438d1c
                    0x00438d1e
                    0x00000000
                    0x00000000
                    0x00438d20
                    0x00000000
                    0x00000000
                    0x00438d27
                    0x00438d27
                    0x00438d2e
                    0x00438d2e
                    0x00438d31
                    0x00438d34
                    0x00000000
                    0x00000000
                    0x00438d36
                    0x00438d38
                    0x00438d3c
                    0x00000000
                    0x00000000
                    0x00438d52
                    0x00438d55
                    0x00438d58
                    0x00438d5c
                    0x00438d61
                    0x00438d64
                    0x00438d66
                    0x00438d6a
                    0x00438d6c
                    0x00438d6c
                    0x00438d6a
                    0x00438d71
                    0x00438d7f
                    0x00438d84
                    0x00438d86
                    0x00438d8f
                    0x00438d8f
                    0x00438d8f
                    0x00000000
                    0x00438d8f
                    0x00438d88
                    0x00000000
                    0x00000000
                    0x00438d96
                    0x00438d96
                    0x00438d9d
                    0x00438d9d
                    0x00438da0
                    0x00438da3
                    0x00000000
                    0x00000000
                    0x00438da5
                    0x00438da7
                    0x00438dab
                    0x00000000
                    0x00000000
                    0x00438dc1
                    0x00438dc4
                    0x00438dc7
                    0x00438dcb
                    0x00438dd0
                    0x00438dd3
                    0x00438dd5
                    0x00438dd9
                    0x00438ddb
                    0x00438ddb
                    0x00438dd9
                    0x00438de0
                    0x00438dee
                    0x00438df4
                    0x00438e01
                    0x00438e01
                    0x00438e03
                    0x00000000
                    0x00000000
                    0x00438e05
                    0x00438e05
                    0x00438e0c
                    0x00438e0c
                    0x00438e0f
                    0x00438e12
                    0x00000000
                    0x00000000
                    0x00438e14
                    0x00438e16
                    0x00438e1a
                    0x00000000
                    0x00000000
                    0x00438e30
                    0x00438e33
                    0x00438e36
                    0x00438e3a
                    0x00438e3f
                    0x00438e42
                    0x00438e44
                    0x00438e48
                    0x00438e4a
                    0x00438e4a
                    0x00438e48
                    0x00438e4f
                    0x00438e5d
                    0x00438e63
                    0x00438e70
                    0x00438e70
                    0x00438e72
                    0x00000000
                    0x00000000
                    0x00438e74
                    0x00438e74
                    0x00438e7b
                    0x00438e7b
                    0x00438e7e
                    0x00438e81
                    0x00000000
                    0x00000000
                    0x00438e83
                    0x00438e85
                    0x00438e89
                    0x00000000
                    0x00000000
                    0x00438e9f
                    0x00438ea2
                    0x00438ea5
                    0x00438ea9
                    0x00438eae
                    0x00438eb1
                    0x00438eb3
                    0x00438eb7
                    0x00438eb9
                    0x00438eb9
                    0x00438eb7
                    0x00438ebe
                    0x00438ecc
                    0x00438ed2
                    0x00438edf
                    0x00438edf
                    0x00438ee1
                    0x00000000
                    0x00000000
                    0x00438ee3
                    0x00438ee3
                    0x00438eea
                    0x00438eea
                    0x00438eed
                    0x00438ef0
                    0x00000000
                    0x00000000
                    0x00438ef2
                    0x00438ef4
                    0x00438ef8
                    0x00438a6f
                    0x00438a6f
                    0x00000000
                    0x00438a6f
                    0x00438f0e
                    0x00438f11
                    0x00438f14
                    0x00438f18
                    0x00438f1d
                    0x00438f20
                    0x00438f22
                    0x00438f26
                    0x00438f28
                    0x00438f28
                    0x00438f26
                    0x00438f2d
                    0x00438f33
                    0x00438f3a
                    0x00438f44
                    0x00438f4a
                    0x00438f57
                    0x00438f57
                    0x00438f59
                    0x00438f5b
                    0x00438f5b
                    0x00000000
                    0x00000000

                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID: $2
                    • API String ID: 0-4264767444
                    • Opcode ID: e60eefb29bb4a417a04ef9d2c394d40524fdb9eb9bc646757bfb54a23ebda30f
                    • Instruction ID: 92813fc1cf16d17820f519c02c34c828085d045340b9a7e1eebf5956d6cb5dd3
                    • Opcode Fuzzy Hash: e60eefb29bb4a417a04ef9d2c394d40524fdb9eb9bc646757bfb54a23ebda30f
                    • Instruction Fuzzy Hash: A1330570504B048FD724CF18C494AAAFBF1FF89315F249A5ED49A8BBA1D738A946DF04
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0041C816 Relevance: 3.0, Strings: 1, Instructions: 1775COMMONCrypto
                    Download Yara Rule
                    C-Code - Quality: 48%
                    			E0041C816(intOrPtr __eax, signed int __edi, void* __esi, intOrPtr _a96, signed int _a104, intOrPtr _a112) {
				intOrPtr _t206;
				intOrPtr _t207;
				intOrPtr _t208;
				intOrPtr _t213;
				intOrPtr _t214;
				intOrPtr _t220;
				intOrPtr _t221;
				intOrPtr _t226;
				intOrPtr _t227;
				intOrPtr _t233;
				intOrPtr _t234;
				intOrPtr _t239;
				intOrPtr _t240;
				intOrPtr _t246;
				intOrPtr _t247;
				intOrPtr _t252;
				intOrPtr _t253;
				intOrPtr _t259;
				intOrPtr _t260;
				intOrPtr _t265;
				intOrPtr _t266;
				intOrPtr _t272;
				intOrPtr _t273;
				intOrPtr _t278;
				intOrPtr _t279;
				intOrPtr _t285;
				intOrPtr _t286;
				intOrPtr _t291;
				intOrPtr _t292;
				intOrPtr _t298;
				intOrPtr _t299;
				intOrPtr _t304;
				intOrPtr _t305;
				intOrPtr _t311;
				intOrPtr _t312;
				intOrPtr _t317;
				intOrPtr _t318;
				intOrPtr _t324;
				intOrPtr _t325;
				intOrPtr _t330;
				intOrPtr _t331;
				intOrPtr _t337;
				intOrPtr _t338;
				intOrPtr _t343;
				intOrPtr _t344;
				intOrPtr _t350;
				intOrPtr _t351;
				intOrPtr _t356;
				intOrPtr _t357;
				intOrPtr _t363;
				intOrPtr _t364;
				intOrPtr _t369;
				intOrPtr _t370;
				intOrPtr _t376;
				intOrPtr _t377;
				intOrPtr _t382;
				intOrPtr _t383;
				intOrPtr _t389;
				intOrPtr _t390;
				intOrPtr _t395;
				intOrPtr _t396;
				intOrPtr _t402;
				intOrPtr _t403;
				intOrPtr _t408;
				intOrPtr _t409;
				intOrPtr _t415;
				intOrPtr _t416;
				intOrPtr _t421;
				intOrPtr _t422;
				intOrPtr* _t429;
				intOrPtr* _t430;
				intOrPtr* _t431;
				intOrPtr* _t432;
				intOrPtr* _t433;
				intOrPtr* _t434;
				intOrPtr* _t435;
				intOrPtr* _t436;
				intOrPtr* _t437;
				intOrPtr* _t438;
				intOrPtr* _t439;
				intOrPtr* _t440;
				intOrPtr* _t441;
				intOrPtr* _t442;
				intOrPtr* _t443;
				intOrPtr* _t444;
				intOrPtr* _t445;
				intOrPtr* _t446;
				intOrPtr* _t447;
				intOrPtr* _t448;
				intOrPtr* _t449;
				intOrPtr* _t450;
				intOrPtr* _t451;
				intOrPtr* _t452;
				intOrPtr* _t453;
				intOrPtr* _t454;
				intOrPtr* _t455;
				intOrPtr* _t456;
				intOrPtr* _t457;
				intOrPtr* _t458;
				intOrPtr* _t459;
				intOrPtr* _t460;
				intOrPtr* _t461;
				intOrPtr* _t462;
				void* _t668;
				signed int _t686;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t691;
				signed int _t692;
				signed int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t696;
				signed int _t697;
				signed int _t698;
				signed int _t699;
				signed int _t700;
				signed int _t701;
				signed int _t702;
				signed int _t703;
				signed int _t704;
				signed int _t705;
				signed int _t706;
				signed int _t707;
				signed int _t708;
				signed int _t709;
				signed int _t710;
				signed int _t711;
				signed int _t712;
				signed int _t713;
				signed int _t714;
				signed int _t715;
				signed int _t716;
				signed int _t717;
				signed int _t718;
				signed int _t719;
				signed int _t720;
				signed int _t721;
				void* _t722;
				intOrPtr* _t725;
				intOrPtr _t726;
				intOrPtr _t727;
				intOrPtr _t728;
				intOrPtr _t729;
				intOrPtr _t730;
				intOrPtr _t731;
				intOrPtr _t732;
				intOrPtr _t733;
				intOrPtr _t734;
				intOrPtr _t735;
				intOrPtr _t736;
				intOrPtr _t737;
				intOrPtr _t738;
				intOrPtr _t739;
				intOrPtr _t740;
				intOrPtr _t741;
				intOrPtr _t742;
				intOrPtr _t743;
				intOrPtr _t744;
				intOrPtr _t745;
				intOrPtr _t746;
				intOrPtr _t747;
				intOrPtr _t748;
				intOrPtr _t749;
				intOrPtr _t750;
				intOrPtr _t751;
				intOrPtr _t752;
				intOrPtr _t753;
				intOrPtr _t754;
				intOrPtr _t755;
				intOrPtr _t756;
				intOrPtr _t757;
				intOrPtr _t758;
				void* _t759;
				void* _t761;
				void* _t762;
				void* _t763;
				void* _t764;
				void* _t765;
				void* _t766;
				void* _t767;
				void* _t768;
				void* _t769;
				void* _t770;
				void* _t771;
				void* _t772;
				void* _t773;
				void* _t774;
				void* _t775;
				void* _t776;
				void* _t777;
				void* _t778;
				void* _t779;
				void* _t780;
				void* _t781;
				void* _t782;
				void* _t783;
				void* _t784;
				void* _t785;
				void* _t786;
				void* _t787;
				void* _t788;
				void* _t789;
				void* _t790;
				void* _t791;
				void* _t792;
				void* _t793;
				void* _t794;

				_t722 = __esi;
				_t686 = __edi;
				_t206 = __eax;
				if(__eax != 0x271a) {
					if(__eax != 0x2721) {
						if(__eax != 0x2725) {
							if(__eax != 0x272d) {
								if(__eax != 0x275f) {
									if(__eax != 0x2761) {
										if(__eax != 0x2762) {
											if(__eax != 0x4e89) {
												if(__eax != 0x4e8a) {
													if(__eax != 0x4e8b) {
														if(__eax != 0x4e8c) {
															if(__eax != 0x4e9f) {
																if(__eax != 0x4f25) {
																	if(__eax != 0x4f2d) {
																		if(__eax != 0x4f31) {
																			if(__eax != 0x4f35) {
																				if(__eax != 0x4f36) {
																					if(__eax != 0x4f38) {
																						if(__eax != 0x4f3c) {
																							if(__eax != 0x4f3d) {
																								if(__eax != 0x4f42) {
																									if(__eax != 0x4f49) {
																										if(__eax != 0x4fc4) {
																											if(__eax != 0x4fc7) {
																												if(__eax != 0x4fc8) {
																													if(__eax != 0x5166) {
																														if(__eax != 0x5182) {
																															if(__eax != 0x5187) {
																																if(__eax != 0x5190) {
																																	if(__eax != 0x51a9) {
																																		if(__eax != 0x51bc) {
																																			if(__eax != 0x5221) {
																																				if(__eax != 0x556a) {
																																					if(__eax == 0x96c6) {
																																						_t206 =  *0x473000; // 0x0
																																						if(_t206 == 0) {
																																							_t207 = E0042929A(0x204);
																																							_t761 = _t759 + 4;
																																							_a112 = _t207;
																																							_a104 = 0xd3;
																																							if(_t207 == 0) {
																																								_t725 = 0;
																																							} else {
																																								_t725 = E00427290(_t207);
																																							}
																																							_t688 = _t686 | 0xffffffff;
																																							_a104 = _t688;
																																							_t208 = E0042929A(0x10);
																																							_t759 = _t761 + 4;
																																							_a112 = _t208;
																																							_a104 = 0xd4;
																																							if(_t208 == 0) {
																																								_t429 = 0;
																																							} else {
																																								_t429 = E00426770(_t208);
																																							}
																																							_a104 = _t688;
																																							E00426820(_t429, 0x11b);
																																							E004160E0(_t722, _t668, 0x454880, _t429, 0);
																																							_push(_t725);
																																							_push(_t429);
																																							_t206 = L00419660();
																																							if(_t429 != 0) {
																																								_t206 =  *((intOrPtr*)( *_t429))(1);
																																							}
																																							 *0x473000 = _t725;
																																						}
																																					}
																																				} else {
																																					_t206 =  *0x472ff8; // 0x0
																																					if(_t206 == 0) {
																																						_t213 = E0042929A(0x204);
																																						_t762 = _t759 + 4;
																																						_a112 = _t213;
																																						_a104 = 0xd1;
																																						if(_t213 == 0) {
																																							_t726 = 0;
																																						} else {
																																							_t726 = E00427290(_t213);
																																						}
																																						_t689 = _t686 | 0xffffffff;
																																						_a104 = _t689;
																																						_t214 = E0042929A(0x10);
																																						_t759 = _t762 + 4;
																																						_a112 = _t214;
																																						_a104 = 0xd2;
																																						if(_t214 == 0) {
																																							_t430 = 0;
																																						} else {
																																							_t430 = E00426770(_t214);
																																						}
																																						_a104 = _t689;
																																						E00426820(_t430, 0x11b);
																																						E004160E0(_t722, _t668, 0x45487c, _t430, 0);
																																						_push(_t726);
																																						_push(_t430);
																																						_t206 = L00419660();
																																						if(_t430 != 0) {
																																							_t206 =  *((intOrPtr*)( *_t430))(1);
																																						}
																																						 *0x472ff8 = _t726;
																																					}
																																				}
																																			} else {
																																				_t206 =  *0x472ff0; // 0x0
																																				if(_t206 == 0) {
																																					_t220 = E0042929A(0x204);
																																					_t763 = _t759 + 4;
																																					_a112 = _t220;
																																					_a104 = 0xcf;
																																					if(_t220 == 0) {
																																						_t727 = 0;
																																					} else {
																																						_t727 = E00427290(_t220);
																																					}
																																					_t690 = _t686 | 0xffffffff;
																																					_a104 = _t690;
																																					_t221 = E0042929A(0x10);
																																					_t759 = _t763 + 4;
																																					_a112 = _t221;
																																					_a104 = 0xd0;
																																					if(_t221 == 0) {
																																						_t431 = 0;
																																					} else {
																																						_t431 = E00426770(_t221);
																																					}
																																					_a104 = _t690;
																																					E00426820(_t431, 0x11b);
																																					E004160E0(_t722, _t668, 0x454878, _t431, 0);
																																					_push(_t727);
																																					_push(_t431);
																																					_t206 = L00419660();
																																					if(_t431 != 0) {
																																						_t206 =  *((intOrPtr*)( *_t431))(1);
																																					}
																																					 *0x472ff0 = _t727;
																																				}
																																			}
																																		} else {
																																			_t206 =  *0x472fe8; // 0x0
																																			if(_t206 == 0) {
																																				_t226 = E0042929A(0x204);
																																				_t764 = _t759 + 4;
																																				_a112 = _t226;
																																				_a104 = 0xcd;
																																				if(_t226 == 0) {
																																					_t728 = 0;
																																				} else {
																																					_t728 = E00427290(_t226);
																																				}
																																				_t691 = _t686 | 0xffffffff;
																																				_a104 = _t691;
																																				_t227 = E0042929A(0x10);
																																				_t759 = _t764 + 4;
																																				_a112 = _t227;
																																				_a104 = 0xce;
																																				if(_t227 == 0) {
																																					_t432 = 0;
																																				} else {
																																					_t432 = E00426770(_t227);
																																				}
																																				_a104 = _t691;
																																				E00426820(_t432, 0x11b);
																																				E004160E0(_t722, _t668, 0x454874, _t432, 0);
																																				_push(_t728);
																																				_push(_t432);
																																				_t206 = L00419660();
																																				if(_t432 != 0) {
																																					_t206 =  *((intOrPtr*)( *_t432))(1);
																																				}
																																				 *0x472fe8 = _t728;
																																			}
																																		}
																																	} else {
																																		_t206 =  *0x472fe0; // 0x0
																																		if(_t206 == 0) {
																																			_t233 = E0042929A(0x204);
																																			_t765 = _t759 + 4;
																																			_a112 = _t233;
																																			_a104 = 0xcb;
																																			if(_t233 == 0) {
																																				_t729 = 0;
																																			} else {
																																				_t729 = E00427290(_t233);
																																			}
																																			_t692 = _t686 | 0xffffffff;
																																			_a104 = _t692;
																																			_t234 = E0042929A(0x10);
																																			_t759 = _t765 + 4;
																																			_a112 = _t234;
																																			_a104 = 0xcc;
																																			if(_t234 == 0) {
																																				_t433 = 0;
																																			} else {
																																				_t433 = E00426770(_t234);
																																			}
																																			_a104 = _t692;
																																			E00426820(_t433, 0x11b);
																																			E004160E0(_t722, _t668, 0x454870, _t433, 0);
																																			_push(_t729);
																																			_push(_t433);
																																			_t206 = L00419660();
																																			if(_t433 != 0) {
																																				_t206 =  *((intOrPtr*)( *_t433))(1);
																																			}
																																			 *0x472fe0 = _t729;
																																		}
																																	}
																																} else {
																																	_t206 =  *0x472fd8; // 0x0
																																	if(_t206 == 0) {
																																		_t239 = E0042929A(0x204);
																																		_t766 = _t759 + 4;
																																		_a112 = _t239;
																																		_a104 = 0xc9;
																																		if(_t239 == 0) {
																																			_t730 = 0;
																																		} else {
																																			_t730 = E00427290(_t239);
																																		}
																																		_t693 = _t686 | 0xffffffff;
																																		_a104 = _t693;
																																		_t240 = E0042929A(0x10);
																																		_t759 = _t766 + 4;
																																		_a112 = _t240;
																																		_a104 = 0xca;
																																		if(_t240 == 0) {
																																			_t434 = 0;
																																		} else {
																																			_t434 = E00426770(_t240);
																																		}
																																		_a104 = _t693;
																																		E00426820(_t434, 0x11b);
																																		E004160E0(_t722, _t668, 0x45486c, _t434, 0);
																																		_push(_t730);
																																		_push(_t434);
																																		_t206 = L00419660();
																																		if(_t434 != 0) {
																																			_t206 =  *((intOrPtr*)( *_t434))(1);
																																		}
																																		 *0x472fd8 = _t730;
																																	}
																																}
																															} else {
																																_t206 =  *0x472fd0; // 0x0
																																if(_t206 == 0) {
																																	_t246 = E0042929A(0x204);
																																	_t767 = _t759 + 4;
																																	_a112 = _t246;
																																	_a104 = 0xc7;
																																	if(_t246 == 0) {
																																		_t731 = 0;
																																	} else {
																																		_t731 = E00427290(_t246);
																																	}
																																	_t694 = _t686 | 0xffffffff;
																																	_a104 = _t694;
																																	_t247 = E0042929A(0x10);
																																	_t759 = _t767 + 4;
																																	_a112 = _t247;
																																	_a104 = 0xc8;
																																	if(_t247 == 0) {
																																		_t435 = 0;
																																	} else {
																																		_t435 = E00426770(_t247);
																																	}
																																	_a104 = _t694;
																																	E00426820(_t435, 0x11b);
																																	E004160E0(_t722, _t668, 0x454868, _t435, 0);
																																	_push(_t731);
																																	_push(_t435);
																																	_t206 = L00419660();
																																	if(_t435 != 0) {
																																		_t206 =  *((intOrPtr*)( *_t435))(1);
																																	}
																																	 *0x472fd0 = _t731;
																																}
																															}
																														} else {
																															_t206 =  *0x472fc8; // 0x0
																															if(_t206 == 0) {
																																_t252 = E0042929A(0x204);
																																_t768 = _t759 + 4;
																																_a112 = _t252;
																																_a104 = 0xc5;
																																if(_t252 == 0) {
																																	_t732 = 0;
																																} else {
																																	_t732 = E00427290(_t252);
																																}
																																_t695 = _t686 | 0xffffffff;
																																_a104 = _t695;
																																_t253 = E0042929A(0x10);
																																_t759 = _t768 + 4;
																																_a112 = _t253;
																																_a104 = 0xc6;
																																if(_t253 == 0) {
																																	_t436 = 0;
																																} else {
																																	_t436 = E00426770(_t253);
																																}
																																_a104 = _t695;
																																E00426820(_t436, 0x11b);
																																E004160E0(_t722, _t668, 0x454864, _t436, 0);
																																_push(_t732);
																																_push(_t436);
																																_t206 = L00419660();
																																if(_t436 != 0) {
																																	_t206 =  *((intOrPtr*)( *_t436))(1);
																																}
																																 *0x472fc8 = _t732;
																															}
																														}
																													} else {
																														_t206 =  *0x472fc0; // 0x0
																														if(_t206 == 0) {
																															_t259 = E0042929A(0x204);
																															_t769 = _t759 + 4;
																															_a112 = _t259;
																															_a104 = 0xc3;
																															if(_t259 == 0) {
																																_t733 = 0;
																															} else {
																																_t733 = E00427290(_t259);
																															}
																															_t696 = _t686 | 0xffffffff;
																															_a104 = _t696;
																															_t260 = E0042929A(0x10);
																															_t759 = _t769 + 4;
																															_a112 = _t260;
																															_a104 = 0xc4;
																															if(_t260 == 0) {
																																_t437 = 0;
																															} else {
																																_t437 = E00426770(_t260);
																															}
																															_a104 = _t696;
																															E00426820(_t437, 0x11b);
																															E004160E0(_t722, _t668, 0x454860, _t437, 0);
																															_push(_t733);
																															_push(_t437);
																															_t206 = L00419660();
																															if(_t437 != 0) {
																																_t206 =  *((intOrPtr*)( *_t437))(1);
																															}
																															 *0x472fc0 = _t733;
																														}
																													}
																												} else {
																													_t206 =  *0x472fb8; // 0x0
																													if(_t206 == 0) {
																														_t265 = E0042929A(0x204);
																														_t770 = _t759 + 4;
																														_a112 = _t265;
																														_a104 = 0xc1;
																														if(_t265 == 0) {
																															_t734 = 0;
																														} else {
																															_t734 = E00427290(_t265);
																														}
																														_t697 = _t686 | 0xffffffff;
																														_a104 = _t697;
																														_t266 = E0042929A(0x10);
																														_t759 = _t770 + 4;
																														_a112 = _t266;
																														_a104 = 0xc2;
																														if(_t266 == 0) {
																															_t438 = 0;
																														} else {
																															_t438 = E00426770(_t266);
																														}
																														_a104 = _t697;
																														E00426820(_t438, 0x11b);
																														E004160E0(_t722, _t668, 0x45485c, _t438, 0);
																														_push(_t734);
																														_push(_t438);
																														_t206 = L00419660();
																														if(_t438 != 0) {
																															_t206 =  *((intOrPtr*)( *_t438))(1);
																														}
																														 *0x472fb8 = _t734;
																													}
																												}
																											} else {
																												_t206 =  *0x472fb0; // 0x0
																												if(_t206 == 0) {
																													_t272 = E0042929A(0x204);
																													_t771 = _t759 + 4;
																													_a112 = _t272;
																													_a104 = 0xbf;
																													if(_t272 == 0) {
																														_t735 = 0;
																													} else {
																														_t735 = E00427290(_t272);
																													}
																													_t698 = _t686 | 0xffffffff;
																													_a104 = _t698;
																													_t273 = E0042929A(0x10);
																													_t759 = _t771 + 4;
																													_a112 = _t273;
																													_a104 = 0xc0;
																													if(_t273 == 0) {
																														_t439 = 0;
																													} else {
																														_t439 = E00426770(_t273);
																													}
																													_a104 = _t698;
																													E00426820(_t439, 0x11b);
																													E004160E0(_t722, _t668, 0x454858, _t439, 0);
																													_push(_t735);
																													_push(_t439);
																													_t206 = L00419660();
																													if(_t439 != 0) {
																														_t206 =  *((intOrPtr*)( *_t439))(1);
																													}
																													 *0x472fb0 = _t735;
																												}
																											}
																										} else {
																											_t206 =  *0x472fa8; // 0x0
																											if(_t206 == 0) {
																												_t278 = E0042929A(0x204);
																												_t772 = _t759 + 4;
																												_a112 = _t278;
																												_a104 = 0xbd;
																												if(_t278 == 0) {
																													_t736 = 0;
																												} else {
																													_t736 = E00427290(_t278);
																												}
																												_t699 = _t686 | 0xffffffff;
																												_a104 = _t699;
																												_t279 = E0042929A(0x10);
																												_t759 = _t772 + 4;
																												_a112 = _t279;
																												_a104 = 0xbe;
																												if(_t279 == 0) {
																													_t440 = 0;
																												} else {
																													_t440 = E00426770(_t279);
																												}
																												_a104 = _t699;
																												E00426820(_t440, 0x11b);
																												E004160E0(_t722, _t668, 0x454854, _t440, 0);
																												_push(_t736);
																												_push(_t440);
																												_t206 = L00419660();
																												if(_t440 != 0) {
																													_t206 =  *((intOrPtr*)( *_t440))(1);
																												}
																												 *0x472fa8 = _t736;
																											}
																										}
																									} else {
																										_t206 =  *0x472fa0; // 0x0
																										if(_t206 == 0) {
																											_t285 = E0042929A(0x204);
																											_t773 = _t759 + 4;
																											_a112 = _t285;
																											_a104 = 0xbb;
																											if(_t285 == 0) {
																												_t737 = 0;
																											} else {
																												_t737 = E00427290(_t285);
																											}
																											_t700 = _t686 | 0xffffffff;
																											_a104 = _t700;
																											_t286 = E0042929A(0x10);
																											_t759 = _t773 + 4;
																											_a112 = _t286;
																											_a104 = 0xbc;
																											if(_t286 == 0) {
																												_t441 = 0;
																											} else {
																												_t441 = E00426770(_t286);
																											}
																											_a104 = _t700;
																											E00426820(_t441, 0x11b);
																											E004160E0(_t722, _t668, 0x454850, _t441, 0);
																											_push(_t737);
																											_push(_t441);
																											_t206 = L00419660();
																											if(_t441 != 0) {
																												_t206 =  *((intOrPtr*)( *_t441))(1);
																											}
																											 *0x472fa0 = _t737;
																										}
																									}
																								} else {
																									_t206 =  *0x472f98; // 0x0
																									if(_t206 == 0) {
																										_t291 = E0042929A(0x204);
																										_t774 = _t759 + 4;
																										_a112 = _t291;
																										_a104 = 0xb9;
																										if(_t291 == 0) {
																											_t738 = 0;
																										} else {
																											_t738 = E00427290(_t291);
																										}
																										_t701 = _t686 | 0xffffffff;
																										_a104 = _t701;
																										_t292 = E0042929A(0x10);
																										_t759 = _t774 + 4;
																										_a112 = _t292;
																										_a104 = 0xba;
																										if(_t292 == 0) {
																											_t442 = 0;
																										} else {
																											_t442 = E00426770(_t292);
																										}
																										_a104 = _t701;
																										E00426820(_t442, 0x11b);
																										E004160E0(_t722, _t668, 0x45484c, _t442, 0);
																										_push(_t738);
																										_push(_t442);
																										_t206 = L00419660();
																										if(_t442 != 0) {
																											_t206 =  *((intOrPtr*)( *_t442))(1);
																										}
																										 *0x472f98 = _t738;
																									}
																								}
																							} else {
																								_t206 =  *0x472f90; // 0x0
																								if(_t206 == 0) {
																									_t298 = E0042929A(0x204);
																									_t775 = _t759 + 4;
																									_a112 = _t298;
																									_a104 = 0xb7;
																									if(_t298 == 0) {
																										_t739 = 0;
																									} else {
																										_t739 = E00427290(_t298);
																									}
																									_t702 = _t686 | 0xffffffff;
																									_a104 = _t702;
																									_t299 = E0042929A(0x10);
																									_t759 = _t775 + 4;
																									_a112 = _t299;
																									_a104 = 0xb8;
																									if(_t299 == 0) {
																										_t443 = 0;
																									} else {
																										_t443 = E00426770(_t299);
																									}
																									_a104 = _t702;
																									E00426820(_t443, 0x11b);
																									E004160E0(_t722, _t668, 0x454848, _t443, 0);
																									_push(_t739);
																									_push(_t443);
																									_t206 = L00419660();
																									if(_t443 != 0) {
																										_t206 =  *((intOrPtr*)( *_t443))(1);
																									}
																									 *0x472f90 = _t739;
																								}
																							}
																						} else {
																							_t206 =  *0x472f88; // 0x0
																							if(_t206 == 0) {
																								_t304 = E0042929A(0x204);
																								_t776 = _t759 + 4;
																								_a112 = _t304;
																								_a104 = 0xb5;
																								if(_t304 == 0) {
																									_t740 = 0;
																								} else {
																									_t740 = E00427290(_t304);
																								}
																								_t703 = _t686 | 0xffffffff;
																								_a104 = _t703;
																								_t305 = E0042929A(0x10);
																								_t759 = _t776 + 4;
																								_a112 = _t305;
																								_a104 = 0xb6;
																								if(_t305 == 0) {
																									_t444 = 0;
																								} else {
																									_t444 = E00426770(_t305);
																								}
																								_a104 = _t703;
																								E00426820(_t444, 0x11b);
																								E004160E0(_t722, _t668, 0x454844, _t444, 0);
																								_push(_t740);
																								_push(_t444);
																								_t206 = L00419660();
																								if(_t444 != 0) {
																									_t206 =  *((intOrPtr*)( *_t444))(1);
																								}
																								 *0x472f88 = _t740;
																							}
																						}
																					} else {
																						_t206 =  *0x472f80; // 0x0
																						if(_t206 == 0) {
																							_t311 = E0042929A(0x204);
																							_t777 = _t759 + 4;
																							_a112 = _t311;
																							_a104 = 0xb3;
																							if(_t311 == 0) {
																								_t741 = 0;
																							} else {
																								_t741 = E00427290(_t311);
																							}
																							_t704 = _t686 | 0xffffffff;
																							_a104 = _t704;
																							_t312 = E0042929A(0x10);
																							_t759 = _t777 + 4;
																							_a112 = _t312;
																							_a104 = 0xb4;
																							if(_t312 == 0) {
																								_t445 = 0;
																							} else {
																								_t445 = E00426770(_t312);
																							}
																							_a104 = _t704;
																							E00426820(_t445, 0x11b);
																							E004160E0(_t722, _t668, 0x454840, _t445, 0);
																							_push(_t741);
																							_push(_t445);
																							_t206 = L00419660();
																							if(_t445 != 0) {
																								_t206 =  *((intOrPtr*)( *_t445))(1);
																							}
																							 *0x472f80 = _t741;
																						}
																					}
																				} else {
																					_t206 =  *0x472f78; // 0x0
																					if(_t206 == 0) {
																						_t317 = E0042929A(0x204);
																						_t778 = _t759 + 4;
																						_a112 = _t317;
																						_a104 = 0xb1;
																						if(_t317 == 0) {
																							_t742 = 0;
																						} else {
																							_t742 = E00427290(_t317);
																						}
																						_t705 = _t686 | 0xffffffff;
																						_a104 = _t705;
																						_t318 = E0042929A(0x10);
																						_t759 = _t778 + 4;
																						_a112 = _t318;
																						_a104 = 0xb2;
																						if(_t318 == 0) {
																							_t446 = 0;
																						} else {
																							_t446 = E00426770(_t318);
																						}
																						_a104 = _t705;
																						E00426820(_t446, 0x11b);
																						E004160E0(_t722, _t668, 0x45483c, _t446, 0);
																						_push(_t742);
																						_push(_t446);
																						_t206 = L00419660();
																						if(_t446 != 0) {
																							_t206 =  *((intOrPtr*)( *_t446))(1);
																						}
																						 *0x472f78 = _t742;
																					}
																				}
																			} else {
																				_t206 =  *0x472f70; // 0x0
																				if(_t206 == 0) {
																					_t324 = E0042929A(0x204);
																					_t779 = _t759 + 4;
																					_a112 = _t324;
																					_a104 = 0xaf;
																					if(_t324 == 0) {
																						_t743 = 0;
																					} else {
																						_t743 = E00427290(_t324);
																					}
																					_t706 = _t686 | 0xffffffff;
																					_a104 = _t706;
																					_t325 = E0042929A(0x10);
																					_t759 = _t779 + 4;
																					_a112 = _t325;
																					_a104 = 0xb0;
																					if(_t325 == 0) {
																						_t447 = 0;
																					} else {
																						_t447 = E00426770(_t325);
																					}
																					_a104 = _t706;
																					E00426820(_t447, 0x11b);
																					E004160E0(_t722, _t668, 0x454838, _t447, 0);
																					_push(_t743);
																					_push(_t447);
																					_t206 = L00419660();
																					if(_t447 != 0) {
																						_t206 =  *((intOrPtr*)( *_t447))(1);
																					}
																					 *0x472f70 = _t743;
																				}
																			}
																		} else {
																			_t206 =  *0x472f68; // 0x0
																			if(_t206 == 0) {
																				_t330 = E0042929A(0x204);
																				_t780 = _t759 + 4;
																				_a112 = _t330;
																				_a104 = 0xad;
																				if(_t330 == 0) {
																					_t744 = 0;
																				} else {
																					_t744 = E00427290(_t330);
																				}
																				_t707 = _t686 | 0xffffffff;
																				_a104 = _t707;
																				_t331 = E0042929A(0x10);
																				_t759 = _t780 + 4;
																				_a112 = _t331;
																				_a104 = 0xae;
																				if(_t331 == 0) {
																					_t448 = 0;
																				} else {
																					_t448 = E00426770(_t331);
																				}
																				_a104 = _t707;
																				E00426820(_t448, 0x11b);
																				E004160E0(_t722, _t668, 0x454834, _t448, 0);
																				_push(_t744);
																				_push(_t448);
																				_t206 = L00419660();
																				if(_t448 != 0) {
																					_t206 =  *((intOrPtr*)( *_t448))(1);
																				}
																				 *0x472f68 = _t744;
																			}
																		}
																	} else {
																		_t206 =  *0x472f60; // 0x0
																		if(_t206 == 0) {
																			_t337 = E0042929A(0x204);
																			_t781 = _t759 + 4;
																			_a112 = _t337;
																			_a104 = 0xab;
																			if(_t337 == 0) {
																				_t745 = 0;
																			} else {
																				_t745 = E00427290(_t337);
																			}
																			_t708 = _t686 | 0xffffffff;
																			_a104 = _t708;
																			_t338 = E0042929A(0x10);
																			_t759 = _t781 + 4;
																			_a112 = _t338;
																			_a104 = 0xac;
																			if(_t338 == 0) {
																				_t449 = 0;
																			} else {
																				_t449 = E00426770(_t338);
																			}
																			_a104 = _t708;
																			E00426820(_t449, 0x11b);
																			E004160E0(_t722, _t668, 0x454830, _t449, 0);
																			_push(_t745);
																			_push(_t449);
																			_t206 = L00419660();
																			if(_t449 != 0) {
																				_t206 =  *((intOrPtr*)( *_t449))(1);
																			}
																			 *0x472f60 = _t745;
																		}
																	}
																} else {
																	_t206 =  *0x472f58; // 0x0
																	if(_t206 == 0) {
																		_t343 = E0042929A(0x204);
																		_t782 = _t759 + 4;
																		_a112 = _t343;
																		_a104 = 0xa9;
																		if(_t343 == 0) {
																			_t746 = 0;
																		} else {
																			_t746 = E00427290(_t343);
																		}
																		_t709 = _t686 | 0xffffffff;
																		_a104 = _t709;
																		_t344 = E0042929A(0x10);
																		_t759 = _t782 + 4;
																		_a112 = _t344;
																		_a104 = 0xaa;
																		if(_t344 == 0) {
																			_t450 = 0;
																		} else {
																			_t450 = E00426770(_t344);
																		}
																		_a104 = _t709;
																		E00426820(_t450, 0x11b);
																		E004160E0(_t722, _t668, 0x45482c, _t450, 0);
																		_push(_t746);
																		_push(_t450);
																		_t206 = L00419660();
																		if(_t450 != 0) {
																			_t206 =  *((intOrPtr*)( *_t450))(1);
																		}
																		 *0x472f58 = _t746;
																	}
																}
															} else {
																_t206 =  *0x472f50; // 0x0
																if(_t206 == 0) {
																	_t350 = E0042929A(0x204);
																	_t783 = _t759 + 4;
																	_a112 = _t350;
																	_a104 = 0xa7;
																	if(_t350 == 0) {
																		_t747 = 0;
																	} else {
																		_t747 = E00427290(_t350);
																	}
																	_t710 = _t686 | 0xffffffff;
																	_a104 = _t710;
																	_t351 = E0042929A(0x10);
																	_t759 = _t783 + 4;
																	_a112 = _t351;
																	_a104 = 0xa8;
																	if(_t351 == 0) {
																		_t451 = 0;
																	} else {
																		_t451 = E00426770(_t351);
																	}
																	_a104 = _t710;
																	E00426820(_t451, 0x11b);
																	E004160E0(_t722, _t668, "xYXUgoAAAAAA=", _t451, 0);
																	_push(_t747);
																	_push(_t451);
																	_t206 = L00419660();
																	if(_t451 != 0) {
																		_t206 =  *((intOrPtr*)( *_t451))(1);
																	}
																	 *0x472f50 = _t747;
																}
															}
														} else {
															_t206 =  *0x472f48; // 0x0
															if(_t206 == 0) {
																_t356 = E0042929A(0x204);
																_t784 = _t759 + 4;
																_a112 = _t356;
																_a104 = 0xa5;
																if(_t356 == 0) {
																	_t748 = 0;
																} else {
																	_t748 = E00427290(_t356);
																}
																_t711 = _t686 | 0xffffffff;
																_a104 = _t711;
																_t357 = E0042929A(0x10);
																_t759 = _t784 + 4;
																_a112 = _t357;
																_a104 = 0xa6;
																if(_t357 == 0) {
																	_t452 = 0;
																} else {
																	_t452 = E00426770(_t357);
																}
																_a104 = _t711;
																E00426820(_t452, 0x11b);
																E004160E0(_t722, _t668, 0x454828, _t452, 0);
																_push(_t748);
																_push(_t452);
																_t206 = L00419660();
																if(_t452 != 0) {
																	_t206 =  *((intOrPtr*)( *_t452))(1);
																}
																 *0x472f48 = _t748;
															}
														}
													} else {
														_t206 =  *0x472f40; // 0x0
														if(_t206 == 0) {
															_t363 = E0042929A(0x204);
															_t785 = _t759 + 4;
															_a112 = _t363;
															_a104 = 0xa3;
															if(_t363 == 0) {
																_t749 = 0;
															} else {
																_t749 = E00427290(_t363);
															}
															_t712 = _t686 | 0xffffffff;
															_a104 = _t712;
															_t364 = E0042929A(0x10);
															_t759 = _t785 + 4;
															_a112 = _t364;
															_a104 = 0xa4;
															if(_t364 == 0) {
																_t453 = 0;
															} else {
																_t453 = E00426770(_t364);
															}
															_a104 = _t712;
															E00426820(_t453, 0x11b);
															E004160E0(_t722, _t668, 0x454824, _t453, 0);
															_push(_t749);
															_push(_t453);
															_t206 = L00419660();
															if(_t453 != 0) {
																_t206 =  *((intOrPtr*)( *_t453))(1);
															}
															 *0x472f40 = _t749;
														}
													}
												} else {
													_t206 =  *0x472f38; // 0x0
													if(_t206 == 0) {
														_t369 = E0042929A(0x204);
														_t786 = _t759 + 4;
														_a112 = _t369;
														_a104 = 0xa1;
														if(_t369 == 0) {
															_t750 = 0;
														} else {
															_t750 = E00427290(_t369);
														}
														_t713 = _t686 | 0xffffffff;
														_a104 = _t713;
														_t370 = E0042929A(0x10);
														_t759 = _t786 + 4;
														_a112 = _t370;
														_a104 = 0xa2;
														if(_t370 == 0) {
															_t454 = 0;
														} else {
															_t454 = E00426770(_t370);
														}
														_a104 = _t713;
														E00426820(_t454, 0x11b);
														E004160E0(_t722, _t668, 0x454820, _t454, 0);
														_push(_t750);
														_push(_t454);
														_t206 = L00419660();
														if(_t454 != 0) {
															_t206 =  *((intOrPtr*)( *_t454))(1);
														}
														 *0x472f38 = _t750;
													}
												}
											} else {
												_t206 =  *0x472f30; // 0x0
												if(_t206 == 0) {
													_t376 = E0042929A(0x204);
													_t787 = _t759 + 4;
													_a112 = _t376;
													_a104 = 0x9f;
													if(_t376 == 0) {
														_t751 = 0;
													} else {
														_t751 = E00427290(_t376);
													}
													_t714 = _t686 | 0xffffffff;
													_a104 = _t714;
													_t377 = E0042929A(0x10);
													_t759 = _t787 + 4;
													_a112 = _t377;
													_a104 = 0xa0;
													if(_t377 == 0) {
														_t455 = 0;
													} else {
														_t455 = E00426770(_t377);
													}
													_a104 = _t714;
													E00426820(_t455, 0x11b);
													E004160E0(_t722, _t668, 0x45481c, _t455, 0);
													_push(_t751);
													_push(_t455);
													_t206 = L00419660();
													if(_t455 != 0) {
														_t206 =  *((intOrPtr*)( *_t455))(1);
													}
													 *0x472f30 = _t751;
												}
											}
											goto L374;
										}
										_t206 =  *0x472f28; // 0x0
										if(_t206 != 0) {
											goto L374;
										}
										_t382 = E0042929A(0x204);
										_t788 = _t759 + 4;
										_a112 = _t382;
										_a104 = 0x9d;
										if(_t382 == 0) {
											_t752 = 0;
										} else {
											_t752 = E00427290(_t382);
										}
										_t715 = _t686 | 0xffffffff;
										_a104 = _t715;
										_t383 = E0042929A(0x10);
										_t759 = _t788 + 4;
										_a112 = _t383;
										_a104 = 0x9e;
										if(_t383 == 0) {
											_t456 = 0;
										} else {
											_t456 = E00426770(_t383);
										}
										_a104 = _t715;
										E00426820(_t456, 0x11b);
										E004160E0(_t722, _t668, 0x454818, _t456, 0);
										_push(_t752);
										_push(_t456);
										_t206 = L00419660();
										if(_t456 != 0) {
											_t206 =  *((intOrPtr*)( *_t456))(1);
										}
										 *0x472f28 = _t752;
									} else {
										_t206 =  *0x472f20; // 0x0
										if(_t206 == 0) {
											_t389 = E0042929A(0x204);
											_t789 = _t759 + 4;
											_a112 = _t389;
											_a104 = 0x9b;
											if(_t389 == 0) {
												_t753 = 0;
											} else {
												_t753 = E00427290(_t389);
											}
											_t716 = _t686 | 0xffffffff;
											_a104 = _t716;
											_t390 = E0042929A(0x10);
											_t759 = _t789 + 4;
											_a112 = _t390;
											_a104 = 0x9c;
											if(_t390 == 0) {
												_t457 = 0;
											} else {
												_t457 = E00426770(_t390);
											}
											_a104 = _t716;
											E00426820(_t457, 0x11b);
											E004160E0(_t722, _t668, 0x454814, _t457, 0);
											_push(_t753);
											_push(_t457);
											_t206 = L00419660();
											if(_t457 != 0) {
												_t206 =  *((intOrPtr*)( *_t457))(1);
											}
											 *0x472f20 = _t753;
										}
									}
								} else {
									_t206 =  *0x472f18; // 0x0
									if(_t206 == 0) {
										_t395 = E0042929A(0x204);
										_t790 = _t759 + 4;
										_a112 = _t395;
										_a104 = 0x99;
										if(_t395 == 0) {
											_t754 = 0;
										} else {
											_t754 = E00427290(_t395);
										}
										_t717 = _t686 | 0xffffffff;
										_a104 = _t717;
										_t396 = E0042929A(0x10);
										_t759 = _t790 + 4;
										_a112 = _t396;
										_a104 = 0x9a;
										if(_t396 == 0) {
											_t458 = 0;
										} else {
											_t458 = E00426770(_t396);
										}
										_a104 = _t717;
										E00426820(_t458, 0x11b);
										E004160E0(_t722, _t668, 0x454810, _t458, 0);
										_push(_t754);
										_push(_t458);
										_t206 = L00419660();
										if(_t458 != 0) {
											_t206 =  *((intOrPtr*)( *_t458))(1);
										}
										 *0x472f18 = _t754;
									}
								}
							} else {
								_t206 =  *0x472f10; // 0x0
								if(_t206 == 0) {
									_t402 = E0042929A(0x204);
									_t791 = _t759 + 4;
									_a112 = _t402;
									_a104 = 0x97;
									if(_t402 == 0) {
										_t755 = 0;
									} else {
										_t755 = E00427290(_t402);
									}
									_t718 = _t686 | 0xffffffff;
									_a104 = _t718;
									_t403 = E0042929A(0x10);
									_t759 = _t791 + 4;
									_a112 = _t403;
									_a104 = 0x98;
									if(_t403 == 0) {
										_t459 = 0;
									} else {
										_t459 = E00426770(_t403);
									}
									_a104 = _t718;
									E00426820(_t459, 0x11b);
									E004160E0(_t722, _t668, 0x45480c, _t459, 0);
									_push(_t755);
									_push(_t459);
									_t206 = L00419660();
									if(_t459 != 0) {
										_t206 =  *((intOrPtr*)( *_t459))(1);
									}
									 *0x472f10 = _t755;
								}
							}
						} else {
							_t206 =  *0x472f08; // 0x0
							if(_t206 == 0) {
								_t408 = E0042929A(0x204);
								_t792 = _t759 + 4;
								_a112 = _t408;
								_a104 = 0x95;
								if(_t408 == 0) {
									_t756 = 0;
								} else {
									_t756 = E00427290(_t408);
								}
								_t719 = _t686 | 0xffffffff;
								_a104 = _t719;
								_t409 = E0042929A(0x10);
								_t759 = _t792 + 4;
								_a112 = _t409;
								_a104 = 0x96;
								if(_t409 == 0) {
									_t460 = 0;
								} else {
									_t460 = E00426770(_t409);
								}
								_a104 = _t719;
								E00426820(_t460, 0x11b);
								E004160E0(_t722, _t668, 0x454808, _t460, 0);
								_push(_t756);
								_push(_t460);
								_t206 = L00419660();
								if(_t460 != 0) {
									_t206 =  *((intOrPtr*)( *_t460))(1);
								}
								 *0x472f08 = _t756;
							}
						}
					} else {
						_t206 =  *0x472f00; // 0x0
						if(_t206 == 0) {
							_t415 = E0042929A(0x204);
							_t793 = _t759 + 4;
							_a112 = _t415;
							_a104 = 0x93;
							if(_t415 == 0) {
								_t757 = 0;
							} else {
								_t757 = E00427290(_t415);
							}
							_t720 = _t686 | 0xffffffff;
							_a104 = _t720;
							_t416 = E0042929A(0x10);
							_t759 = _t793 + 4;
							_a112 = _t416;
							_a104 = 0x94;
							if(_t416 == 0) {
								_t461 = 0;
							} else {
								_t461 = E00426770(_t416);
							}
							_a104 = _t720;
							E00426820(_t461, 0x11b);
							E004160E0(_t722, _t668, 0x454804, _t461, 0);
							_push(_t757);
							_push(_t461);
							_t206 = L00419660();
							if(_t461 != 0) {
								_t206 =  *((intOrPtr*)( *_t461))(1);
							}
							 *0x472f00 = _t757;
						}
					}
					goto L374;
				} else {
					_t206 =  *0x472ef8; // 0x0
					if(_t206 == 0) {
						_t421 = E0042929A(0x204);
						_t794 = _t759 + 4;
						_a112 = _t421;
						_a104 = 0x91;
						if(_t421 == 0) {
							_t758 = 0;
						} else {
							_t758 = E00427290(_t421);
						}
						_t721 = _t686 | 0xffffffff;
						_a104 = _t721;
						_t422 = E0042929A(0x10);
						_t759 = _t794 + 4;
						_a112 = _t422;
						_a104 = 0x92;
						if(_t422 == 0) {
							_t462 = 0;
						} else {
							_t462 = E00426770(_t422);
						}
						_a104 = _t721;
						E00426820(_t462, 0x11b);
						E004160E0(_t722, _t668, 0x454800, _t462, 0);
						_push(_t758);
						_push(_t462);
						_t206 = L00419660();
						if(_t462 != 0) {
							_t206 =  *((intOrPtr*)( *_t462))(1);
						}
						 *0x472ef8 = _t758;
					}
					L374:
					 *[fs:0x0] = _a96;
					return _t206;
				}
			}




















































































































































































































                    0x0041c816
                    0x0041c816
                    0x0041c816
                    0x0041c81b
                    0x0041c8ca
                    0x0041c979
                    0x0041ca28
                    0x0041cad7
                    0x0041cb86
                    0x0041cc35
                    0x0041cce4
                    0x0041cd93
                    0x0041ce42
                    0x0041cef1
                    0x0041cfa0
                    0x0041d04f
                    0x0041d0fe
                    0x0041d1ad
                    0x0041d25c
                    0x0041d30b
                    0x0041d3ba
                    0x0041d469
                    0x0041d518
                    0x0041d5c7
                    0x0041d676
                    0x0041d725
                    0x0041d7d4
                    0x0041d883
                    0x0041d932
                    0x0041d9e1
                    0x0041da90
                    0x0041db3f
                    0x0041dbee
                    0x0041dc9d
                    0x0041dd4c
                    0x0041ddfb
                    0x0041deaa
                    0x0041deb0
                    0x0041deb7
                    0x0041dec2
                    0x0041dec7
                    0x0041deca
                    0x0041ded0
                    0x0041ded8
                    0x0041dee5
                    0x0041deda
                    0x0041dee1
                    0x0041dee1
                    0x0041dee7
                    0x0041deec
                    0x0041def0
                    0x0041def5
                    0x0041def8
                    0x0041defe
                    0x0041df06
                    0x0041df13
                    0x0041df08
                    0x0041df0f
                    0x0041df0f
                    0x0041df1c
                    0x0041df20
                    0x0041df2f
                    0x0041df34
                    0x0041df35
                    0x0041df38
                    0x0041df3f
                    0x0041df47
                    0x0041df47
                    0x0041df49
                    0x0041df49
                    0x0041deb7
                    0x0041de01
                    0x0041de01
                    0x0041de08
                    0x0041de13
                    0x0041de18
                    0x0041de1b
                    0x0041de21
                    0x0041de29
                    0x0041de36
                    0x0041de2b
                    0x0041de32
                    0x0041de32
                    0x0041de38
                    0x0041de3d
                    0x0041de41
                    0x0041de46
                    0x0041de49
                    0x0041de4f
                    0x0041de57
                    0x0041de64
                    0x0041de59
                    0x0041de60
                    0x0041de60
                    0x0041de6d
                    0x0041de71
                    0x0041de80
                    0x0041de85
                    0x0041de86
                    0x0041de89
                    0x0041de90
                    0x0041de98
                    0x0041de98
                    0x0041de9a
                    0x0041de9a
                    0x0041de08
                    0x0041dd52
                    0x0041dd52
                    0x0041dd59
                    0x0041dd64
                    0x0041dd69
                    0x0041dd6c
                    0x0041dd72
                    0x0041dd7a
                    0x0041dd87
                    0x0041dd7c
                    0x0041dd83
                    0x0041dd83
                    0x0041dd89
                    0x0041dd8e
                    0x0041dd92
                    0x0041dd97
                    0x0041dd9a
                    0x0041dda0
                    0x0041dda8
                    0x0041ddb5
                    0x0041ddaa
                    0x0041ddb1
                    0x0041ddb1
                    0x0041ddbe
                    0x0041ddc2
                    0x0041ddd1
                    0x0041ddd6
                    0x0041ddd7
                    0x0041ddda
                    0x0041dde1
                    0x0041dde9
                    0x0041dde9
                    0x0041ddeb
                    0x0041ddeb
                    0x0041dd59
                    0x0041dca3
                    0x0041dca3
                    0x0041dcaa
                    0x0041dcb5
                    0x0041dcba
                    0x0041dcbd
                    0x0041dcc3
                    0x0041dccb
                    0x0041dcd8
                    0x0041dccd
                    0x0041dcd4
                    0x0041dcd4
                    0x0041dcda
                    0x0041dcdf
                    0x0041dce3
                    0x0041dce8
                    0x0041dceb
                    0x0041dcf1
                    0x0041dcf9
                    0x0041dd06
                    0x0041dcfb
                    0x0041dd02
                    0x0041dd02
                    0x0041dd0f
                    0x0041dd13
                    0x0041dd22
                    0x0041dd27
                    0x0041dd28
                    0x0041dd2b
                    0x0041dd32
                    0x0041dd3a
                    0x0041dd3a
                    0x0041dd3c
                    0x0041dd3c
                    0x0041dcaa
                    0x0041dbf4
                    0x0041dbf4
                    0x0041dbfb
                    0x0041dc06
                    0x0041dc0b
                    0x0041dc0e
                    0x0041dc14
                    0x0041dc1c
                    0x0041dc29
                    0x0041dc1e
                    0x0041dc25
                    0x0041dc25
                    0x0041dc2b
                    0x0041dc30
                    0x0041dc34
                    0x0041dc39
                    0x0041dc3c
                    0x0041dc42
                    0x0041dc4a
                    0x0041dc57
                    0x0041dc4c
                    0x0041dc53
                    0x0041dc53
                    0x0041dc60
                    0x0041dc64
                    0x0041dc73
                    0x0041dc78
                    0x0041dc79
                    0x0041dc7c
                    0x0041dc83
                    0x0041dc8b
                    0x0041dc8b
                    0x0041dc8d
                    0x0041dc8d
                    0x0041dbfb
                    0x0041db45
                    0x0041db45
                    0x0041db4c
                    0x0041db57
                    0x0041db5c
                    0x0041db5f
                    0x0041db65
                    0x0041db6d
                    0x0041db7a
                    0x0041db6f
                    0x0041db76
                    0x0041db76
                    0x0041db7c
                    0x0041db81
                    0x0041db85
                    0x0041db8a
                    0x0041db8d
                    0x0041db93
                    0x0041db9b
                    0x0041dba8
                    0x0041db9d
                    0x0041dba4
                    0x0041dba4
                    0x0041dbb1
                    0x0041dbb5
                    0x0041dbc4
                    0x0041dbc9
                    0x0041dbca
                    0x0041dbcd
                    0x0041dbd4
                    0x0041dbdc
                    0x0041dbdc
                    0x0041dbde
                    0x0041dbde
                    0x0041db4c
                    0x0041da96
                    0x0041da96
                    0x0041da9d
                    0x0041daa8
                    0x0041daad
                    0x0041dab0
                    0x0041dab6
                    0x0041dabe
                    0x0041dacb
                    0x0041dac0
                    0x0041dac7
                    0x0041dac7
                    0x0041dacd
                    0x0041dad2
                    0x0041dad6
                    0x0041dadb
                    0x0041dade
                    0x0041dae4
                    0x0041daec
                    0x0041daf9
                    0x0041daee
                    0x0041daf5
                    0x0041daf5
                    0x0041db02
                    0x0041db06
                    0x0041db15
                    0x0041db1a
                    0x0041db1b
                    0x0041db1e
                    0x0041db25
                    0x0041db2d
                    0x0041db2d
                    0x0041db2f
                    0x0041db2f
                    0x0041da9d
                    0x0041d9e7
                    0x0041d9e7
                    0x0041d9ee
                    0x0041d9f9
                    0x0041d9fe
                    0x0041da01
                    0x0041da07
                    0x0041da0f
                    0x0041da1c
                    0x0041da11
                    0x0041da18
                    0x0041da18
                    0x0041da1e
                    0x0041da23
                    0x0041da27
                    0x0041da2c
                    0x0041da2f
                    0x0041da35
                    0x0041da3d
                    0x0041da4a
                    0x0041da3f
                    0x0041da46
                    0x0041da46
                    0x0041da53
                    0x0041da57
                    0x0041da66
                    0x0041da6b
                    0x0041da6c
                    0x0041da6f
                    0x0041da76
                    0x0041da7e
                    0x0041da7e
                    0x0041da80
                    0x0041da80
                    0x0041d9ee
                    0x0041d938
                    0x0041d938
                    0x0041d93f
                    0x0041d94a
                    0x0041d94f
                    0x0041d952
                    0x0041d958
                    0x0041d960
                    0x0041d96d
                    0x0041d962
                    0x0041d969
                    0x0041d969
                    0x0041d96f
                    0x0041d974
                    0x0041d978
                    0x0041d97d
                    0x0041d980
                    0x0041d986
                    0x0041d98e
                    0x0041d99b
                    0x0041d990
                    0x0041d997
                    0x0041d997
                    0x0041d9a4
                    0x0041d9a8
                    0x0041d9b7
                    0x0041d9bc
                    0x0041d9bd
                    0x0041d9c0
                    0x0041d9c7
                    0x0041d9cf
                    0x0041d9cf
                    0x0041d9d1
                    0x0041d9d1
                    0x0041d93f
                    0x0041d889
                    0x0041d889
                    0x0041d890
                    0x0041d89b
                    0x0041d8a0
                    0x0041d8a3
                    0x0041d8a9
                    0x0041d8b1
                    0x0041d8be
                    0x0041d8b3
                    0x0041d8ba
                    0x0041d8ba
                    0x0041d8c0
                    0x0041d8c5
                    0x0041d8c9
                    0x0041d8ce
                    0x0041d8d1
                    0x0041d8d7
                    0x0041d8df
                    0x0041d8ec
                    0x0041d8e1
                    0x0041d8e8
                    0x0041d8e8
                    0x0041d8f5
                    0x0041d8f9
                    0x0041d908
                    0x0041d90d
                    0x0041d90e
                    0x0041d911
                    0x0041d918
                    0x0041d920
                    0x0041d920
                    0x0041d922
                    0x0041d922
                    0x0041d890
                    0x0041d7da
                    0x0041d7da
                    0x0041d7e1
                    0x0041d7ec
                    0x0041d7f1
                    0x0041d7f4
                    0x0041d7fa
                    0x0041d802
                    0x0041d80f
                    0x0041d804
                    0x0041d80b
                    0x0041d80b
                    0x0041d811
                    0x0041d816
                    0x0041d81a
                    0x0041d81f
                    0x0041d822
                    0x0041d828
                    0x0041d830
                    0x0041d83d
                    0x0041d832
                    0x0041d839
                    0x0041d839
                    0x0041d846
                    0x0041d84a
                    0x0041d859
                    0x0041d85e
                    0x0041d85f
                    0x0041d862
                    0x0041d869
                    0x0041d871
                    0x0041d871
                    0x0041d873
                    0x0041d873
                    0x0041d7e1
                    0x0041d72b
                    0x0041d72b
                    0x0041d732
                    0x0041d73d
                    0x0041d742
                    0x0041d745
                    0x0041d74b
                    0x0041d753
                    0x0041d760
                    0x0041d755
                    0x0041d75c
                    0x0041d75c
                    0x0041d762
                    0x0041d767
                    0x0041d76b
                    0x0041d770
                    0x0041d773
                    0x0041d779
                    0x0041d781
                    0x0041d78e
                    0x0041d783
                    0x0041d78a
                    0x0041d78a
                    0x0041d797
                    0x0041d79b
                    0x0041d7aa
                    0x0041d7af
                    0x0041d7b0
                    0x0041d7b3
                    0x0041d7ba
                    0x0041d7c2
                    0x0041d7c2
                    0x0041d7c4
                    0x0041d7c4
                    0x0041d732
                    0x0041d67c
                    0x0041d67c
                    0x0041d683
                    0x0041d68e
                    0x0041d693
                    0x0041d696
                    0x0041d69c
                    0x0041d6a4
                    0x0041d6b1
                    0x0041d6a6
                    0x0041d6ad
                    0x0041d6ad
                    0x0041d6b3
                    0x0041d6b8
                    0x0041d6bc
                    0x0041d6c1
                    0x0041d6c4
                    0x0041d6ca
                    0x0041d6d2
                    0x0041d6df
                    0x0041d6d4
                    0x0041d6db
                    0x0041d6db
                    0x0041d6e8
                    0x0041d6ec
                    0x0041d6fb
                    0x0041d700
                    0x0041d701
                    0x0041d704
                    0x0041d70b
                    0x0041d713
                    0x0041d713
                    0x0041d715
                    0x0041d715
                    0x0041d683
                    0x0041d5cd
                    0x0041d5cd
                    0x0041d5d4
                    0x0041d5df
                    0x0041d5e4
                    0x0041d5e7
                    0x0041d5ed
                    0x0041d5f5
                    0x0041d602
                    0x0041d5f7
                    0x0041d5fe
                    0x0041d5fe
                    0x0041d604
                    0x0041d609
                    0x0041d60d
                    0x0041d612
                    0x0041d615
                    0x0041d61b
                    0x0041d623
                    0x0041d630
                    0x0041d625
                    0x0041d62c
                    0x0041d62c
                    0x0041d639
                    0x0041d63d
                    0x0041d64c
                    0x0041d651
                    0x0041d652
                    0x0041d655
                    0x0041d65c
                    0x0041d664
                    0x0041d664
                    0x0041d666
                    0x0041d666
                    0x0041d5d4
                    0x0041d51e
                    0x0041d51e
                    0x0041d525
                    0x0041d530
                    0x0041d535
                    0x0041d538
                    0x0041d53e
                    0x0041d546
                    0x0041d553
                    0x0041d548
                    0x0041d54f
                    0x0041d54f
                    0x0041d555
                    0x0041d55a
                    0x0041d55e
                    0x0041d563
                    0x0041d566
                    0x0041d56c
                    0x0041d574
                    0x0041d581
                    0x0041d576
                    0x0041d57d
                    0x0041d57d
                    0x0041d58a
                    0x0041d58e
                    0x0041d59d
                    0x0041d5a2
                    0x0041d5a3
                    0x0041d5a6
                    0x0041d5ad
                    0x0041d5b5
                    0x0041d5b5
                    0x0041d5b7
                    0x0041d5b7
                    0x0041d525
                    0x0041d46f
                    0x0041d46f
                    0x0041d476
                    0x0041d481
                    0x0041d486
                    0x0041d489
                    0x0041d48f
                    0x0041d497
                    0x0041d4a4
                    0x0041d499
                    0x0041d4a0
                    0x0041d4a0
                    0x0041d4a6
                    0x0041d4ab
                    0x0041d4af
                    0x0041d4b4
                    0x0041d4b7
                    0x0041d4bd
                    0x0041d4c5
                    0x0041d4d2
                    0x0041d4c7
                    0x0041d4ce
                    0x0041d4ce
                    0x0041d4db
                    0x0041d4df
                    0x0041d4ee
                    0x0041d4f3
                    0x0041d4f4
                    0x0041d4f7
                    0x0041d4fe
                    0x0041d506
                    0x0041d506
                    0x0041d508
                    0x0041d508
                    0x0041d476
                    0x0041d3c0
                    0x0041d3c0
                    0x0041d3c7
                    0x0041d3d2
                    0x0041d3d7
                    0x0041d3da
                    0x0041d3e0
                    0x0041d3e8
                    0x0041d3f5
                    0x0041d3ea
                    0x0041d3f1
                    0x0041d3f1
                    0x0041d3f7
                    0x0041d3fc
                    0x0041d400
                    0x0041d405
                    0x0041d408
                    0x0041d40e
                    0x0041d416
                    0x0041d423
                    0x0041d418
                    0x0041d41f
                    0x0041d41f
                    0x0041d42c
                    0x0041d430
                    0x0041d43f
                    0x0041d444
                    0x0041d445
                    0x0041d448
                    0x0041d44f
                    0x0041d457
                    0x0041d457
                    0x0041d459
                    0x0041d459
                    0x0041d3c7
                    0x0041d311
                    0x0041d311
                    0x0041d318
                    0x0041d323
                    0x0041d328
                    0x0041d32b
                    0x0041d331
                    0x0041d339
                    0x0041d346
                    0x0041d33b
                    0x0041d342
                    0x0041d342
                    0x0041d348
                    0x0041d34d
                    0x0041d351
                    0x0041d356
                    0x0041d359
                    0x0041d35f
                    0x0041d367
                    0x0041d374
                    0x0041d369
                    0x0041d370
                    0x0041d370
                    0x0041d37d
                    0x0041d381
                    0x0041d390
                    0x0041d395
                    0x0041d396
                    0x0041d399
                    0x0041d3a0
                    0x0041d3a8
                    0x0041d3a8
                    0x0041d3aa
                    0x0041d3aa
                    0x0041d318
                    0x0041d262
                    0x0041d262
                    0x0041d269
                    0x0041d274
                    0x0041d279
                    0x0041d27c
                    0x0041d282
                    0x0041d28a
                    0x0041d297
                    0x0041d28c
                    0x0041d293
                    0x0041d293
                    0x0041d299
                    0x0041d29e
                    0x0041d2a2
                    0x0041d2a7
                    0x0041d2aa
                    0x0041d2b0
                    0x0041d2b8
                    0x0041d2c5
                    0x0041d2ba
                    0x0041d2c1
                    0x0041d2c1
                    0x0041d2ce
                    0x0041d2d2
                    0x0041d2e1
                    0x0041d2e6
                    0x0041d2e7
                    0x0041d2ea
                    0x0041d2f1
                    0x0041d2f9
                    0x0041d2f9
                    0x0041d2fb
                    0x0041d2fb
                    0x0041d269
                    0x0041d1b3
                    0x0041d1b3
                    0x0041d1ba
                    0x0041d1c5
                    0x0041d1ca
                    0x0041d1cd
                    0x0041d1d3
                    0x0041d1db
                    0x0041d1e8
                    0x0041d1dd
                    0x0041d1e4
                    0x0041d1e4
                    0x0041d1ea
                    0x0041d1ef
                    0x0041d1f3
                    0x0041d1f8
                    0x0041d1fb
                    0x0041d201
                    0x0041d209
                    0x0041d216
                    0x0041d20b
                    0x0041d212
                    0x0041d212
                    0x0041d21f
                    0x0041d223
                    0x0041d232
                    0x0041d237
                    0x0041d238
                    0x0041d23b
                    0x0041d242
                    0x0041d24a
                    0x0041d24a
                    0x0041d24c
                    0x0041d24c
                    0x0041d1ba
                    0x0041d104
                    0x0041d104
                    0x0041d10b
                    0x0041d116
                    0x0041d11b
                    0x0041d11e
                    0x0041d124
                    0x0041d12c
                    0x0041d139
                    0x0041d12e
                    0x0041d135
                    0x0041d135
                    0x0041d13b
                    0x0041d140
                    0x0041d144
                    0x0041d149
                    0x0041d14c
                    0x0041d152
                    0x0041d15a
                    0x0041d167
                    0x0041d15c
                    0x0041d163
                    0x0041d163
                    0x0041d170
                    0x0041d174
                    0x0041d183
                    0x0041d188
                    0x0041d189
                    0x0041d18c
                    0x0041d193
                    0x0041d19b
                    0x0041d19b
                    0x0041d19d
                    0x0041d19d
                    0x0041d10b
                    0x0041d055
                    0x0041d055
                    0x0041d05c
                    0x0041d067
                    0x0041d06c
                    0x0041d06f
                    0x0041d075
                    0x0041d07d
                    0x0041d08a
                    0x0041d07f
                    0x0041d086
                    0x0041d086
                    0x0041d08c
                    0x0041d091
                    0x0041d095
                    0x0041d09a
                    0x0041d09d
                    0x0041d0a3
                    0x0041d0ab
                    0x0041d0b8
                    0x0041d0ad
                    0x0041d0b4
                    0x0041d0b4
                    0x0041d0c1
                    0x0041d0c5
                    0x0041d0d4
                    0x0041d0d9
                    0x0041d0da
                    0x0041d0dd
                    0x0041d0e4
                    0x0041d0ec
                    0x0041d0ec
                    0x0041d0ee
                    0x0041d0ee
                    0x0041d05c
                    0x0041cfa6
                    0x0041cfa6
                    0x0041cfad
                    0x0041cfb8
                    0x0041cfbd
                    0x0041cfc0
                    0x0041cfc6
                    0x0041cfce
                    0x0041cfdb
                    0x0041cfd0
                    0x0041cfd7
                    0x0041cfd7
                    0x0041cfdd
                    0x0041cfe2
                    0x0041cfe6
                    0x0041cfeb
                    0x0041cfee
                    0x0041cff4
                    0x0041cffc
                    0x0041d009
                    0x0041cffe
                    0x0041d005
                    0x0041d005
                    0x0041d012
                    0x0041d016
                    0x0041d025
                    0x0041d02a
                    0x0041d02b
                    0x0041d02e
                    0x0041d035
                    0x0041d03d
                    0x0041d03d
                    0x0041d03f
                    0x0041d03f
                    0x0041cfad
                    0x0041cef7
                    0x0041cef7
                    0x0041cefe
                    0x0041cf09
                    0x0041cf0e
                    0x0041cf11
                    0x0041cf17
                    0x0041cf1f
                    0x0041cf2c
                    0x0041cf21
                    0x0041cf28
                    0x0041cf28
                    0x0041cf2e
                    0x0041cf33
                    0x0041cf37
                    0x0041cf3c
                    0x0041cf3f
                    0x0041cf45
                    0x0041cf4d
                    0x0041cf5a
                    0x0041cf4f
                    0x0041cf56
                    0x0041cf56
                    0x0041cf63
                    0x0041cf67
                    0x0041cf76
                    0x0041cf7b
                    0x0041cf7c
                    0x0041cf7f
                    0x0041cf86
                    0x0041cf8e
                    0x0041cf8e
                    0x0041cf90
                    0x0041cf90
                    0x0041cefe
                    0x0041ce48
                    0x0041ce48
                    0x0041ce4f
                    0x0041ce5a
                    0x0041ce5f
                    0x0041ce62
                    0x0041ce68
                    0x0041ce70
                    0x0041ce7d
                    0x0041ce72
                    0x0041ce79
                    0x0041ce79
                    0x0041ce7f
                    0x0041ce84
                    0x0041ce88
                    0x0041ce8d
                    0x0041ce90
                    0x0041ce96
                    0x0041ce9e
                    0x0041ceab
                    0x0041cea0
                    0x0041cea7
                    0x0041cea7
                    0x0041ceb4
                    0x0041ceb8
                    0x0041cec7
                    0x0041cecc
                    0x0041cecd
                    0x0041ced0
                    0x0041ced7
                    0x0041cedf
                    0x0041cedf
                    0x0041cee1
                    0x0041cee1
                    0x0041ce4f
                    0x0041cd99
                    0x0041cd99
                    0x0041cda0
                    0x0041cdab
                    0x0041cdb0
                    0x0041cdb3
                    0x0041cdb9
                    0x0041cdc1
                    0x0041cdce
                    0x0041cdc3
                    0x0041cdca
                    0x0041cdca
                    0x0041cdd0
                    0x0041cdd5
                    0x0041cdd9
                    0x0041cdde
                    0x0041cde1
                    0x0041cde7
                    0x0041cdef
                    0x0041cdfc
                    0x0041cdf1
                    0x0041cdf8
                    0x0041cdf8
                    0x0041ce05
                    0x0041ce09
                    0x0041ce18
                    0x0041ce1d
                    0x0041ce1e
                    0x0041ce21
                    0x0041ce28
                    0x0041ce30
                    0x0041ce30
                    0x0041ce32
                    0x0041ce32
                    0x0041cda0
                    0x0041ccea
                    0x0041ccea
                    0x0041ccf1
                    0x0041ccfc
                    0x0041cd01
                    0x0041cd04
                    0x0041cd0a
                    0x0041cd12
                    0x0041cd1f
                    0x0041cd14
                    0x0041cd1b
                    0x0041cd1b
                    0x0041cd21
                    0x0041cd26
                    0x0041cd2a
                    0x0041cd2f
                    0x0041cd32
                    0x0041cd38
                    0x0041cd40
                    0x0041cd4d
                    0x0041cd42
                    0x0041cd49
                    0x0041cd49
                    0x0041cd56
                    0x0041cd5a
                    0x0041cd69
                    0x0041cd6e
                    0x0041cd6f
                    0x0041cd72
                    0x0041cd79
                    0x0041cd81
                    0x0041cd81
                    0x0041cd83
                    0x0041cd83
                    0x0041ccf1
                    0x00000000
                    0x0041cce4
                    0x0041cc3b
                    0x0041cc42
                    0x00000000
                    0x00000000
                    0x0041cc4d
                    0x0041cc52
                    0x0041cc55
                    0x0041cc5b
                    0x0041cc63
                    0x0041cc70
                    0x0041cc65
                    0x0041cc6c
                    0x0041cc6c
                    0x0041cc72
                    0x0041cc77
                    0x0041cc7b
                    0x0041cc80
                    0x0041cc83
                    0x0041cc89
                    0x0041cc91
                    0x0041cc9e
                    0x0041cc93
                    0x0041cc9a
                    0x0041cc9a
                    0x0041cca7
                    0x0041ccab
                    0x0041ccba
                    0x0041ccbf
                    0x0041ccc0
                    0x0041ccc3
                    0x0041ccca
                    0x0041ccd2
                    0x0041ccd2
                    0x0041ccd4
                    0x0041cb8c
                    0x0041cb8c
                    0x0041cb93
                    0x0041cb9e
                    0x0041cba3
                    0x0041cba6
                    0x0041cbac
                    0x0041cbb4
                    0x0041cbc1
                    0x0041cbb6
                    0x0041cbbd
                    0x0041cbbd
                    0x0041cbc3
                    0x0041cbc8
                    0x0041cbcc
                    0x0041cbd1
                    0x0041cbd4
                    0x0041cbda
                    0x0041cbe2
                    0x0041cbef
                    0x0041cbe4
                    0x0041cbeb
                    0x0041cbeb
                    0x0041cbf8
                    0x0041cbfc
                    0x0041cc0b
                    0x0041cc10
                    0x0041cc11
                    0x0041cc14
                    0x0041cc1b
                    0x0041cc23
                    0x0041cc23
                    0x0041cc25
                    0x0041cc25
                    0x0041cb93
                    0x0041cadd
                    0x0041cadd
                    0x0041cae4
                    0x0041caef
                    0x0041caf4
                    0x0041caf7
                    0x0041cafd
                    0x0041cb05
                    0x0041cb12
                    0x0041cb07
                    0x0041cb0e
                    0x0041cb0e
                    0x0041cb14
                    0x0041cb19
                    0x0041cb1d
                    0x0041cb22
                    0x0041cb25
                    0x0041cb2b
                    0x0041cb33
                    0x0041cb40
                    0x0041cb35
                    0x0041cb3c
                    0x0041cb3c
                    0x0041cb49
                    0x0041cb4d
                    0x0041cb5c
                    0x0041cb61
                    0x0041cb62
                    0x0041cb65
                    0x0041cb6c
                    0x0041cb74
                    0x0041cb74
                    0x0041cb76
                    0x0041cb76
                    0x0041cae4
                    0x0041ca2e
                    0x0041ca2e
                    0x0041ca35
                    0x0041ca40
                    0x0041ca45
                    0x0041ca48
                    0x0041ca4e
                    0x0041ca56
                    0x0041ca63
                    0x0041ca58
                    0x0041ca5f
                    0x0041ca5f
                    0x0041ca65
                    0x0041ca6a
                    0x0041ca6e
                    0x0041ca73
                    0x0041ca76
                    0x0041ca7c
                    0x0041ca84
                    0x0041ca91
                    0x0041ca86
                    0x0041ca8d
                    0x0041ca8d
                    0x0041ca9a
                    0x0041ca9e
                    0x0041caad
                    0x0041cab2
                    0x0041cab3
                    0x0041cab6
                    0x0041cabd
                    0x0041cac5
                    0x0041cac5
                    0x0041cac7
                    0x0041cac7
                    0x0041ca35
                    0x0041c97f
                    0x0041c97f
                    0x0041c986
                    0x0041c991
                    0x0041c996
                    0x0041c999
                    0x0041c99f
                    0x0041c9a7
                    0x0041c9b4
                    0x0041c9a9
                    0x0041c9b0
                    0x0041c9b0
                    0x0041c9b6
                    0x0041c9bb
                    0x0041c9bf
                    0x0041c9c4
                    0x0041c9c7
                    0x0041c9cd
                    0x0041c9d5
                    0x0041c9e2
                    0x0041c9d7
                    0x0041c9de
                    0x0041c9de
                    0x0041c9eb
                    0x0041c9ef
                    0x0041c9fe
                    0x0041ca03
                    0x0041ca04
                    0x0041ca07
                    0x0041ca0e
                    0x0041ca16
                    0x0041ca16
                    0x0041ca18
                    0x0041ca18
                    0x0041c986
                    0x0041c8d0
                    0x0041c8d0
                    0x0041c8d7
                    0x0041c8e2
                    0x0041c8e7
                    0x0041c8ea
                    0x0041c8f0
                    0x0041c8f8
                    0x0041c905
                    0x0041c8fa
                    0x0041c901
                    0x0041c901
                    0x0041c907
                    0x0041c90c
                    0x0041c910
                    0x0041c915
                    0x0041c918
                    0x0041c91e
                    0x0041c926
                    0x0041c933
                    0x0041c928
                    0x0041c92f
                    0x0041c92f
                    0x0041c93c
                    0x0041c940
                    0x0041c94f
                    0x0041c954
                    0x0041c955
                    0x0041c958
                    0x0041c95f
                    0x0041c967
                    0x0041c967
                    0x0041c969
                    0x0041c969
                    0x0041c8d7
                    0x00000000
                    0x0041c821
                    0x0041c821
                    0x0041c828
                    0x0041c833
                    0x0041c838
                    0x0041c83b
                    0x0041c841
                    0x0041c849
                    0x0041c856
                    0x0041c84b
                    0x0041c852
                    0x0041c852
                    0x0041c858
                    0x0041c85d
                    0x0041c861
                    0x0041c866
                    0x0041c869
                    0x0041c86f
                    0x0041c877
                    0x0041c884
                    0x0041c879
                    0x0041c880
                    0x0041c880
                    0x0041c88d
                    0x0041c891
                    0x0041c8a0
                    0x0041c8a5
                    0x0041c8a6
                    0x0041c8a9
                    0x0041c8b0
                    0x0041c8b8
                    0x0041c8b8
                    0x0041c8ba
                    0x0041c8ba
                    0x0041df4f
                    0x0041df57
                    0x0041df61
                    0x0041df61

                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID: xYXUgoAAAAAA=
                    • API String ID: 0-1120508646
                    • Opcode ID: a7e816e875c2624eab2be26c15457b9198beb2ad5f307e308e8a9c48624ca447
                    • Instruction ID: 46093a7c5ab3fa9fb5b5e2d645e6f01b07d7b3164415907058652cec8ecf3ab9
                    • Opcode Fuzzy Hash: a7e816e875c2624eab2be26c15457b9198beb2ad5f307e308e8a9c48624ca447
                    • Instruction Fuzzy Hash: 6AC2C3B0B047559BE714AF76988676F36D59B84348F10093EF6168B3D1EBBCC8818B4E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00430B52 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                    Download Yara Rule
                    APIs
                    • SetUnhandledExceptionFilter.KERNEL32 ref: 00430B57
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: ExceptionFilterUnhandled
                    • String ID:
                    • API String ID: 3192549508-0
                    • Opcode ID: 80138870db0f40508ec17ad1d6c5d0ac6a1b42c7c7c92214ef423ca614dff1ec
                    • Instruction ID: 5979635727efc2041cf678e0641e5ca97e2dbe780243bd08b7c219fa434387e2
                    • Opcode Fuzzy Hash: 80138870db0f40508ec17ad1d6c5d0ac6a1b42c7c7c92214ef423ca614dff1ec
                    • Instruction Fuzzy Hash:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00420020 Relevance: .9, Instructions: 856COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 730ebdfd77ef28cdfe81c3b77fe94c561e9cdf823a6d028cf18f01313f1d9b08
                    • Instruction ID: 1cd0f2f9ee957c6b589c3051ba25ec44c83e7fac5484ad8a6798431f782d690c
                    • Opcode Fuzzy Hash: 730ebdfd77ef28cdfe81c3b77fe94c561e9cdf823a6d028cf18f01313f1d9b08
                    • Instruction Fuzzy Hash: 345292377447094BE70CCE9ACCD15A9B3D3ABC8354B4D863C9A56C3346EEF8A91B8644
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0044AC70 Relevance: .8, Instructions: 835COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e89507d16d1c9292dd091687820d8a0d73c77e513e38f78b7691f9375be59ab0
                    • Instruction ID: 2e51adaa09b2ae49e9cb173ea676dc43e7f62919875c98d950d8e30c331bbfb8
                    • Opcode Fuzzy Hash: e89507d16d1c9292dd091687820d8a0d73c77e513e38f78b7691f9375be59ab0
                    • Instruction Fuzzy Hash: 4472A2729083C25BE315CF3988806ABFBE3BFD9208F9D8578D9C88B302C6759955C795
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0044C5A0 Relevance: .8, Instructions: 784COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d59edb3f428a9faff6e784f96eaec7fceb76eb3f266f39bc421f9a458ac53815
                    • Instruction ID: a1ad3e5e5edc0f08b54ff9c0a2fd793b35866b3947d6aa04875d824b6a305792
                    • Opcode Fuzzy Hash: d59edb3f428a9faff6e784f96eaec7fceb76eb3f266f39bc421f9a458ac53815
                    • Instruction Fuzzy Hash: AE82C33260934B8BD720EF59C8807AAB3E2FFC8310F65887D9D915B346DA34F9159B85
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0043662E Relevance: .4, Instructions: 442COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6165cc4e84da71e46f68d33b409aaa1c6df6a2eeef3f7c39f74b380b6a37bcb8
                    • Instruction ID: 2f6fb00847acaa7b69d4ae86680f799217d81f602c408f8f2e8cc4c847857a02
                    • Opcode Fuzzy Hash: 6165cc4e84da71e46f68d33b409aaa1c6df6a2eeef3f7c39f74b380b6a37bcb8
                    • Instruction Fuzzy Hash: 0D128934100B419FD329CF25C5A0AA6BBF1FB49305F50996ED4E78BB52CA38F949CB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004421DD Relevance: .4, Instructions: 361COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a7cda6b4ac47602767f964e66c574fb6f759315f846e93cc6ac1151135167a1a
                    • Instruction ID: f19655276e119eb5d186188991e4b137b56843f225e200ff2531d33a8a6b772c
                    • Opcode Fuzzy Hash: a7cda6b4ac47602767f964e66c574fb6f759315f846e93cc6ac1151135167a1a
                    • Instruction Fuzzy Hash: B3F18A7A108251CFC3198F24C8949F5B7A1FFA8364B1F82FAE8595F3A2D3719941CB84
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00436CD0 Relevance: .3, Instructions: 341COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e410f8b4e143f1333c61bf5d4ea23fc4118ca378412d704996effb5ff287eaad
                    • Instruction ID: 18f478e4feae8463bb3928d4fc985bbe6ea43dbacc128071b095a0cb84f5d267
                    • Opcode Fuzzy Hash: e410f8b4e143f1333c61bf5d4ea23fc4118ca378412d704996effb5ff287eaad
                    • Instruction Fuzzy Hash: EBE169B4904215DFCB18CF05D094AAABBB2FF99311F2691EEC9461B362C334E985CF95
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004213F0 Relevance: .3, Instructions: 299COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 525c36b8a89ba76243493947e46fd575eede34d622cfb676108b585cdc5e6809
                    • Instruction ID: 80253f5c28e8ff949954017e78162cf848ec6384e9b9bf41f3bb128d146b3b15
                    • Opcode Fuzzy Hash: 525c36b8a89ba76243493947e46fd575eede34d622cfb676108b585cdc5e6809
                    • Instruction Fuzzy Hash: 81B19E7620D3918BC701CF2AD0A05DBFBE1AFE9214F58596EF4D883352D225E94DCB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004490B0 Relevance: .3, Instructions: 296COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8646d3aaf2588149ec41001e63f77ae490a2104df27c13bbcab034c71e626c8f
                    • Instruction ID: 682f9a7d16c4b028aaab74a33cd535af3c1b29b36de02dcac9872a2b832e097c
                    • Opcode Fuzzy Hash: 8646d3aaf2588149ec41001e63f77ae490a2104df27c13bbcab034c71e626c8f
                    • Instruction Fuzzy Hash: 05D10B75A483098FC321DFADE8C0A56F7E1BB4D708F4A84BCD7504B723EE6469288B55
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00448CB0 Relevance: .3, Instructions: 296COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0b57eb5f19b87ac61b1c13e69f60418e2dc508a25a36750291f5a0eb8bf50340
                    • Instruction ID: f2775cc135eb1570913966bb7a79a0024aa28fef5c347bc1f50b15c2c7629781
                    • Opcode Fuzzy Hash: 0b57eb5f19b87ac61b1c13e69f60418e2dc508a25a36750291f5a0eb8bf50340
                    • Instruction Fuzzy Hash: 40D1FA75A483098FC321DFADE8C0A56F7E1BB4D708F4A84BC97504B723EE6469288B55
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00422430 Relevance: .3, Instructions: 275COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 22751880d634bb1f75d889be626374319c56cb79261c0efe643ea70f2862b5e4
                    • Instruction ID: b69863659ae9249ab259fc321fa92973c5ac458d573acd4e715197147f160711
                    • Opcode Fuzzy Hash: 22751880d634bb1f75d889be626374319c56cb79261c0efe643ea70f2862b5e4
                    • Instruction Fuzzy Hash: 17D16D36A587828FD310DF18D890626B7E2BF9D300F0E84BCDA951B717D634E919CB4A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0044A980 Relevance: .2, Instructions: 206COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: bfd20355d47b395fe7711a35a063ca803312cb8b802625550cb7f31924eb4758
                    • Instruction ID: a916e5d0cbace195a2a0024e7f4b2723fe8c867b3ba13ba4cf2f158f4b9f1f30
                    • Opcode Fuzzy Hash: bfd20355d47b395fe7711a35a063ca803312cb8b802625550cb7f31924eb4758
                    • Instruction Fuzzy Hash: 96A1BCB2D112228FD794CF688144741B7E4BF0C664F5B42BAD918FF602E672AC868BD0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00424F40 Relevance: .2, Instructions: 203COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 53f560d2b9227d4aa5f2ed83e36c39d8d97703fc7fb65a0587175a53ec056e28
                    • Instruction ID: a57fad1d829e1b1e86b2dd892b21cab07b7dd738a6b9a9e7ad76ddb47698c7b8
                    • Opcode Fuzzy Hash: 53f560d2b9227d4aa5f2ed83e36c39d8d97703fc7fb65a0587175a53ec056e28
                    • Instruction Fuzzy Hash: 7A717633E116715FD3618FAD8880122FFD6AF9A211B5F81BEC548AB222C5B1BC56C7C4
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0044A7B0 Relevance: .1, Instructions: 114COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2604ecc976d31d7261e75403e5799cbb3a14aba523d7a3e4dc0b562a7e1d0b49
                    • Instruction ID: 6ff38b9dd441873f8b80820046e49b6f5611da754c71a6a82eb9401154a8962a
                    • Opcode Fuzzy Hash: 2604ecc976d31d7261e75403e5799cbb3a14aba523d7a3e4dc0b562a7e1d0b49
                    • Instruction Fuzzy Hash: 5741FB5628E7C19ED712CA3990A02DBBFE0AEB7600F8D699DE4D847303C254960DDB77
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0042A010 Relevance: .1, Instructions: 76COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e65a41849ba1dff17564a555de7faa284a3be694d3db7f60d411abc468340149
                    • Instruction ID: b017699bb2d70ee90f2185bcb757679af03cffed1f7b5da81889aaec4d546af6
                    • Opcode Fuzzy Hash: e65a41849ba1dff17564a555de7faa284a3be694d3db7f60d411abc468340149
                    • Instruction Fuzzy Hash: 7C117DA730017243E614CE3AF4B02B7E395EBC6724FEC42BBD9424B344D52A9865850F
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0044A720 Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8c0ffa33a212c66d0aa18a0501164c6ec3c4c2f53b3d6eea953c067e0e8ef4e7
                    • Instruction ID: 36c95d039f2f4220415e3a6a50e264204479dc9cd0b38d89f169f07c73ab9deb
                    • Opcode Fuzzy Hash: 8c0ffa33a212c66d0aa18a0501164c6ec3c4c2f53b3d6eea953c067e0e8ef4e7
                    • Instruction Fuzzy Hash: 980126333206250FF718C839DC82B6B5395D7D5294F5A0B3DD611CB280D81CCC068354
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004041CC Relevance: 88.0, APIs: 1, Strings: 49, Instructions: 489COMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E004041CC() {
				void* _t27;
				signed int _t29;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				signed int _t34;
				signed int _t35;
				signed int _t36;
				signed int _t37;
				signed int _t38;
				signed int _t39;
				signed int _t40;
				signed int _t41;
				signed int _t42;
				signed int _t43;
				signed int _t44;
				signed int _t45;
				signed int _t46;
				signed int _t47;
				signed int _t48;
				signed int _t49;
				signed int _t50;
				signed int _t51;
				signed int _t52;
				signed int _t53;
				signed int _t54;
				signed int _t55;
				signed int _t56;
				signed int _t57;
				signed int _t58;
				signed int _t59;
				signed int _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t64;
				signed int _t65;
				signed int _t66;
				signed int _t67;
				signed int _t68;
				signed int _t69;
				signed int _t70;
				signed int _t71;
				signed int _t72;
				signed int _t73;
				signed int _t74;
				signed int _t75;
				signed int _t76;
				signed int _t77;
				signed int _t78;
				signed int _t79;
				signed int _t80;
				signed int _t81;
				signed int _t195;
				intOrPtr* _t197;
				void* _t198;

				E004291C0(0x44d6b4, _t198);
				if( *((intOrPtr*)(_t198 + 8)) != 0) {
					_t2 = _t198 - 0x34; // -52
					E00406110(_t2, __eflags);
					 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
					L00405CB0( *((intOrPtr*)(_t198 + 8)));
					_t7 = _t198 - 0x34; // -52
					E00405460(_t7);
					_t8 = _t198 - 0x34; // -52
					E004068E0(_t8);
					_t9 = _t198 - 0x34; // -52
					E00405550(_t9, 0x5f, 0x2d);
					_t10 = _t198 - 0x34; // -52
					_t27 = E0040CE50(_t10);
					__eflags = _t27 - 3;
					if(_t27 < 3) {
						L101:
						_t195 = 0;
						__eflags = 0;
					} else {
						_t11 = _t198 - 0x34; // -52
						_t197 = E00446F00(_t11);
						_t31 =  *_t197;
						__eflags = _t31 - 0x69;
						if(_t31 != 0x69) {
							__eflags = _t31 - 0x75;
							if(_t31 != 0x75) {
								__eflags = _t31 - 0x77;
								if(_t31 != 0x77) {
									__eflags = _t31 - 0x65;
									if(_t31 != 0x65) {
										__eflags = _t31 - 0x62;
										if(_t31 != 0x62) {
											__eflags = _t31 - 0x67;
											if(_t31 != 0x67) {
												__eflags = _t31 - 0x6b;
												if(_t31 != 0x6b) {
													__eflags = _t31 - 0x73;
													if(_t31 != 0x73) {
														goto L101;
													} else {
														_t32 = E00429470(_t197, "shift-jis");
														__eflags = _t32;
														if(_t32 != 0) {
															_t33 = E00429470(_t197, "sen-850200-b");
															__eflags = _t33;
															if(_t33 != 0) {
																_t34 = E00429470(_t197, "sjis");
																__eflags = _t34;
																if(_t34 == 0) {
																	goto L96;
																} else {
																	_t35 = E00429470(_t197, "swedish");
																	__eflags = _t35;
																	if(_t35 == 0) {
																		goto L98;
																	} else {
																		goto L101;
																	}
																}
															} else {
																L98:
																_t195 = 0x4e8b;
															}
														} else {
															L96:
															_t195 = 0x3a4;
														}
													}
												} else {
													_t36 = E00429470(_t197, "ks-c-5601-1987");
													__eflags = _t36;
													if(_t36 != 0) {
														_t37 = E00429470(_t197, "koi8-r");
														__eflags = _t37;
														if(_t37 != 0) {
															_t38 = E00429470(_t197, "koi8-u");
															__eflags = _t38;
															if(_t38 != 0) {
																_t39 = E00429470(_t197, "koi");
																__eflags = _t39;
																if(_t39 == 0) {
																	goto L79;
																} else {
																	_t40 = E00429470(_t197, "koi8");
																	__eflags = _t40;
																	if(_t40 == 0) {
																		goto L79;
																	} else {
																		_t41 = E00429470(_t197, "koi8-ru");
																		__eflags = _t41;
																		if(_t41 == 0) {
																			goto L81;
																		} else {
																			_t42 = E00429470(_t197, "koi8r");
																			__eflags = _t42;
																			if(_t42 == 0) {
																				goto L79;
																			} else {
																				_t43 = E00429470(_t197, "korean");
																				__eflags = _t43;
																				if(_t43 == 0) {
																					goto L77;
																				} else {
																					_t44 = E00429470(_t197, "ks-c-5601");
																					__eflags = _t44;
																					if(_t44 == 0) {
																						goto L77;
																					} else {
																						_t45 = E00429470(_t197, "ks-c5601");
																						__eflags = _t45;
																						if(_t45 == 0) {
																							goto L77;
																						} else {
																							_t46 = E00429470(_t197, "ksc5601");
																							__eflags = _t46;
																							if(_t46 == 0) {
																								goto L77;
																							} else {
																								_t47 = E00429470(_t197, "ksc-5601");
																								__eflags = _t47;
																								if(_t47 == 0) {
																									goto L77;
																								} else {
																									_t48 = E00429470(_t197, "ks-c-5601");
																									__eflags = _t48;
																									if(_t48 == 0) {
																										goto L77;
																									} else {
																										_t49 = E00429470(_t197, "ks-c-5601-1989");
																										__eflags = _t49;
																										if(_t49 != 0) {
																											goto L101;
																										} else {
																											goto L77;
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															} else {
																L81:
																_t195 = 0x556a;
															}
														} else {
															L79:
															_t195 = 0x5182;
														}
													} else {
														L77:
														_t195 = 0x3b5;
													}
												}
											} else {
												_t50 = E00429470(_t197, "gb2312");
												__eflags = _t50;
												if(_t50 != 0) {
													goto L101;
												} else {
													_t195 = 0x3a8;
												}
											}
										} else {
											_t51 = E00429470(_t197, "big5");
											__eflags = _t51;
											if(_t51 != 0) {
												goto L101;
											} else {
												_t195 = 0x3b6;
											}
										}
									} else {
										_t52 = E00429470(_t197, "ebcdic");
										__eflags = _t52;
										if(_t52 != 0) {
											_t53 = E00429470(_t197, "euc-jp");
											__eflags = _t53;
											if(_t53 != 0) {
												_t54 = E00429470(_t197, "euc-cn");
												__eflags = _t54;
												if(_t54 != 0) {
													_t55 = E00429470(_t197, "euc-kr");
													__eflags = _t55;
													if(_t55 != 0) {
														_t56 = E00429470(_t197, "euc-tw");
														__eflags = _t56;
														if(_t56 != 0) {
															goto L101;
														} else {
															_t195 = 0xcaee;
														}
													} else {
														_t195 = 0xcaed;
													}
												} else {
													_t195 = 0xcae0;
												}
											} else {
												_t195 = 0xcadc;
											}
										} else {
											_t195 = 0x25;
										}
									}
								} else {
									__eflags =  *((char*)(_t197 + 1)) - 0x69;
									if( *((char*)(_t197 + 1)) != 0x69) {
										goto L101;
									} else {
										__eflags =  *((char*)(_t197 + 2)) - 0x6e;
										if( *((char*)(_t197 + 2)) != 0x6e) {
											goto L101;
										} else {
											_t57 = E00429470(_t197, "windows-1250");
											__eflags = _t57;
											if(_t57 != 0) {
												_t58 = E00429470(_t197, "windows-1251");
												__eflags = _t58;
												if(_t58 != 0) {
													_t59 = E00429470(_t197, "windows-1252");
													__eflags = _t59;
													if(_t59 != 0) {
														_t60 = E00429470(_t197, "windows-1253");
														__eflags = _t60;
														if(_t60 != 0) {
															_t61 = E00429470(_t197, "windows-1254");
															__eflags = _t61;
															if(_t61 != 0) {
																_t62 = E00429470(_t197, "windows-1255");
																__eflags = _t62;
																if(_t62 != 0) {
																	_t63 = E00429470(_t197, "windows-1256");
																	__eflags = _t63;
																	if(_t63 != 0) {
																		_t64 = E00429470(_t197, "windows-1257");
																		__eflags = _t64;
																		if(_t64 != 0) {
																			_t65 = E00429470(_t197, "windows-1258");
																			__eflags = _t65;
																			if(_t65 != 0) {
																				_t66 = E00429470(_t197, "windows-874");
																				__eflags = _t66;
																				if(_t66 != 0) {
																					goto L101;
																				} else {
																					_t195 = 0x36a;
																				}
																			} else {
																				_t195 = 0x4ea;
																			}
																		} else {
																			_t195 = 0x4e9;
																		}
																	} else {
																		_t195 = 0x4e8;
																	}
																} else {
																	_t195 = 0x4e7;
																}
															} else {
																_t195 = 0x4e6;
															}
														} else {
															_t195 = 0x4e5;
														}
													} else {
														_t195 = 0x4e4;
													}
												} else {
													_t195 = 0x4e3;
												}
											} else {
												_t195 = 0x4e2;
											}
										}
									}
								}
							} else {
								_t67 = E00429470(_t197, "us-ascii");
								__eflags = _t67;
								if(_t67 != 0) {
									_t68 = E00429470(_t197, "utf-8");
									__eflags = _t68;
									if(_t68 != 0) {
										_t69 = E00429470(_t197, "utf-16");
										__eflags = _t69;
										if(_t69 != 0) {
											_t70 = E00429470(_t197, "ucs-2");
											__eflags = _t70;
											if(_t70 == 0) {
												goto L28;
											} else {
												_t71 = E00429470(_t197, "unicode");
												__eflags = _t71;
												if(_t71 == 0) {
													goto L28;
												} else {
													_t72 = E00429470(_t197, "unicodefffe");
													__eflags = _t72;
													if(_t72 != 0) {
														_t73 = E00429470(_t197, "utf-7");
														__eflags = _t73;
														if(_t73 != 0) {
															goto L101;
														} else {
															_t195 = 0xfde8;
														}
													} else {
														_t195 = 0x4b1;
													}
												}
											}
										} else {
											L28:
											_t195 = 0x4b0;
										}
									} else {
										_t195 = 0xfde9;
									}
								} else {
									_t195 = 0x4e9f;
								}
							}
						} else {
							__eflags =  *((char*)(_t197 + 1)) - 0x73;
							if( *((char*)(_t197 + 1)) != 0x73) {
								goto L101;
							} else {
								__eflags =  *((char*)(_t197 + 2)) - 0x6f;
								if( *((char*)(_t197 + 2)) != 0x6f) {
									goto L101;
								} else {
									_t74 = E00429470(_t197, "iso-8859-1");
									__eflags = _t74;
									if(_t74 != 0) {
										_t75 = E00429470(_t197, "iso-8859-2");
										__eflags = _t75;
										if(_t75 != 0) {
											_t76 = E00429470(_t197, "iso-8859-3");
											__eflags = _t76;
											if(_t76 != 0) {
												_t77 = E00429470(_t197, "iso-8859-4");
												__eflags = _t77;
												if(_t77 != 0) {
													_t78 = E00429470(_t197, "iso-8859-5");
													__eflags = _t78;
													if(_t78 != 0) {
														_t79 = E00429470(_t197, "iso-8859-6");
														__eflags = _t79;
														if(_t79 != 0) {
															_t80 = E00429470(_t197, "iso-8859-7");
															__eflags = _t80;
															if(_t80 != 0) {
																_t81 = E00429470(_t197, "iso-8859-8");
																__eflags = _t81;
																if(_t81 != 0) {
																	goto L101;
																} else {
																	_t195 = 0x6fb6;
																}
															} else {
																_t195 = 0x6fb5;
															}
														} else {
															_t195 = 0x6fb4;
														}
													} else {
														_t195 = 0x6fb3;
													}
												} else {
													_t195 = 0x6fb2;
												}
											} else {
												_t195 = 0x6fb1;
											}
										} else {
											_t195 = 0x6fb0;
										}
									} else {
										_t195 = 0x6faf;
									}
								}
							}
						}
					}
					_t16 = _t198 - 4;
					 *_t16 =  *(_t198 - 4) | 0xffffffff;
					__eflags =  *_t16;
					_t18 = _t198 - 0x34; // -52
					E00406400(_t18);
					_t29 = _t195;
				} else {
					_t29 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t198 - 0xc));
				return _t29;
			}



























































                    0x004041d1
                    0x004041dd
                    0x004041e8
                    0x004041eb
                    0x004041f3
                    0x004041fa
                    0x004041ff
                    0x00404202
                    0x00404207
                    0x0040420a
                    0x00404213
                    0x00404216
                    0x0040421b
                    0x0040421e
                    0x00404223
                    0x00404226
                    0x0040476e
                    0x0040476e
                    0x0040476e
                    0x0040422c
                    0x0040422c
                    0x00404234
                    0x00404236
                    0x00404238
                    0x0040423a
                    0x00404330
                    0x00404332
                    0x004043e5
                    0x004043e7
                    0x00404513
                    0x00404515
                    0x004045a4
                    0x004045a6
                    0x004045c7
                    0x004045c9
                    0x004045ea
                    0x004045ec
                    0x00404718
                    0x0040471a
                    0x00000000
                    0x0040471c
                    0x00404722
                    0x00404728
                    0x0040472b
                    0x0040473a
                    0x00404740
                    0x00404743
                    0x00404752
                    0x00404758
                    0x0040475b
                    0x00000000
                    0x0040475d
                    0x00404763
                    0x00404769
                    0x0040476c
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0040476c
                    0x00404745
                    0x00404745
                    0x00404745
                    0x00404745
                    0x0040472d
                    0x0040472d
                    0x0040472d
                    0x0040472d
                    0x0040472b
                    0x004045f2
                    0x004045f8
                    0x004045fe
                    0x00404601
                    0x00404613
                    0x00404619
                    0x0040461c
                    0x0040462e
                    0x00404634
                    0x00404637
                    0x00404649
                    0x0040464f
                    0x00404652
                    0x00000000
                    0x00404654
                    0x0040465a
                    0x00404660
                    0x00404663
                    0x00000000
                    0x00404665
                    0x0040466b
                    0x00404671
                    0x00404674
                    0x00000000
                    0x00404676
                    0x0040467c
                    0x00404682
                    0x00404685
                    0x00000000
                    0x00404687
                    0x0040468d
                    0x00404693
                    0x00404696
                    0x00000000
                    0x0040469c
                    0x004046a3
                    0x004046a9
                    0x004046ac
                    0x00000000
                    0x004046b2
                    0x004046b8
                    0x004046be
                    0x004046c1
                    0x00000000
                    0x004046c7
                    0x004046cd
                    0x004046d3
                    0x004046d6
                    0x00000000
                    0x004046dc
                    0x004046e2
                    0x004046e8
                    0x004046eb
                    0x00000000
                    0x004046f1
                    0x004046f3
                    0x004046f9
                    0x004046fc
                    0x00000000
                    0x00404702
                    0x00404708
                    0x0040470e
                    0x00404711
                    0x00000000
                    0x00404713
                    0x00000000
                    0x00404713
                    0x00404711
                    0x004046fc
                    0x004046eb
                    0x004046d6
                    0x004046c1
                    0x004046ac
                    0x00404696
                    0x00404685
                    0x00404674
                    0x00404663
                    0x00404639
                    0x00404639
                    0x00404639
                    0x00404639
                    0x0040461e
                    0x0040461e
                    0x0040461e
                    0x0040461e
                    0x00404603
                    0x00404603
                    0x00404603
                    0x00404603
                    0x00404601
                    0x004045cb
                    0x004045d1
                    0x004045d7
                    0x004045da
                    0x00000000
                    0x004045e0
                    0x004045e0
                    0x004045e0
                    0x004045da
                    0x004045a8
                    0x004045ae
                    0x004045b4
                    0x004045b7
                    0x00000000
                    0x004045bd
                    0x004045bd
                    0x004045bd
                    0x004045b7
                    0x0040451b
                    0x00404521
                    0x00404527
                    0x0040452a
                    0x0040453a
                    0x00404540
                    0x00404543
                    0x00404555
                    0x0040455b
                    0x0040455e
                    0x00404570
                    0x00404576
                    0x00404579
                    0x0040458b
                    0x00404591
                    0x00404594
                    0x00000000
                    0x0040459a
                    0x0040459a
                    0x0040459a
                    0x0040457b
                    0x0040457b
                    0x0040457b
                    0x00404560
                    0x00404560
                    0x00404560
                    0x00404545
                    0x00404545
                    0x00404545
                    0x0040452c
                    0x0040452e
                    0x0040452e
                    0x0040452a
                    0x004043ed
                    0x004043ed
                    0x004043f1
                    0x00000000
                    0x004043f7
                    0x004043f7
                    0x004043fb
                    0x00000000
                    0x00404401
                    0x00404407
                    0x0040440d
                    0x00404410
                    0x00404422
                    0x00404428
                    0x0040442b
                    0x0040443d
                    0x00404443
                    0x00404446
                    0x00404458
                    0x0040445e
                    0x00404461
                    0x00404473
                    0x00404479
                    0x0040447c
                    0x0040448e
                    0x00404494
                    0x00404497
                    0x004044a9
                    0x004044af
                    0x004044b2
                    0x004044c4
                    0x004044ca
                    0x004044cd
                    0x004044df
                    0x004044e5
                    0x004044e8
                    0x004044fa
                    0x00404500
                    0x00404503
                    0x00000000
                    0x00404509
                    0x00404509
                    0x00404509
                    0x004044ea
                    0x004044ea
                    0x004044ea
                    0x004044cf
                    0x004044cf
                    0x004044cf
                    0x004044b4
                    0x004044b4
                    0x004044b4
                    0x00404499
                    0x00404499
                    0x00404499
                    0x0040447e
                    0x0040447e
                    0x0040447e
                    0x00404463
                    0x00404463
                    0x00404463
                    0x00404448
                    0x00404448
                    0x00404448
                    0x0040442d
                    0x0040442d
                    0x0040442d
                    0x00404412
                    0x00404412
                    0x00404412
                    0x00404410
                    0x004043fb
                    0x004043f1
                    0x00404338
                    0x0040433e
                    0x00404344
                    0x00404347
                    0x00404359
                    0x0040435f
                    0x00404362
                    0x00404374
                    0x0040437a
                    0x0040437d
                    0x0040438f
                    0x00404395
                    0x00404398
                    0x00000000
                    0x0040439a
                    0x004043a0
                    0x004043a6
                    0x004043a9
                    0x00000000
                    0x004043ab
                    0x004043b1
                    0x004043b7
                    0x004043ba
                    0x004043cc
                    0x004043d2
                    0x004043d5
                    0x00000000
                    0x004043db
                    0x004043db
                    0x004043db
                    0x004043bc
                    0x004043bc
                    0x004043bc
                    0x004043ba
                    0x004043a9
                    0x0040437f
                    0x0040437f
                    0x0040437f
                    0x0040437f
                    0x00404364
                    0x00404364
                    0x00404364
                    0x00404349
                    0x00404349
                    0x00404349
                    0x00404347
                    0x00404240
                    0x00404240
                    0x00404244
                    0x00000000
                    0x0040424a
                    0x0040424a
                    0x0040424e
                    0x00000000
                    0x00404254
                    0x0040425a
                    0x00404260
                    0x00404263
                    0x00404275
                    0x0040427b
                    0x0040427e
                    0x00404290
                    0x00404296
                    0x00404299
                    0x004042ab
                    0x004042b1
                    0x004042b4
                    0x004042c6
                    0x004042cc
                    0x004042cf
                    0x004042e1
                    0x004042e7
                    0x004042ea
                    0x004042fc
                    0x00404302
                    0x00404305
                    0x00404317
                    0x0040431d
                    0x00404320
                    0x00000000
                    0x00404326
                    0x00404326
                    0x00404326
                    0x00404307
                    0x00404307
                    0x00404307
                    0x004042ec
                    0x004042ec
                    0x004042ec
                    0x004042d1
                    0x004042d1
                    0x004042d1
                    0x004042b6
                    0x004042b6
                    0x004042b6
                    0x0040429b
                    0x0040429b
                    0x0040429b
                    0x00404280
                    0x00404280
                    0x00404280
                    0x00404265
                    0x00404265
                    0x00404265
                    0x00404263
                    0x0040424e
                    0x00404244
                    0x0040423a
                    0x00404770
                    0x00404770
                    0x00404770
                    0x00404774
                    0x00404777
                    0x0040477c
                    0x004041df
                    0x004041df
                    0x004041df
                    0x00404783
                    0x0040478b

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID: big5$ebcdic$euc-cn$euc-jp$euc-kr$euc-tw$gb2312$iso-8859-1$iso-8859-2$iso-8859-3$iso-8859-4$iso-8859-5$iso-8859-6$iso-8859-7$iso-8859-8$koi$koi8$koi8-r$koi8-ru$koi8-u$koi8r$korean$ks-c-5601$ks-c-5601-1987$ks-c-5601-1989$ks-c5601$ksc-5601$ksc5601$sen-850200-b$shift-jis$sjis$swedish$ucs-2$unicode$unicodefffe$us-ascii$utf-16$utf-7$utf-8$windows-1250$windows-1251$windows-1252$windows-1253$windows-1254$windows-1255$windows-1256$windows-1257$windows-1258$windows-874
                    • API String ID: 3519838083-1475569498
                    • Opcode ID: 3fbd3e743468b332e04729283170b4e667836d8e1d37e7a574dd9478565c9113
                    • Instruction ID: 2bc5b1678d2c2d31be8f932849c412dd67f8e4c2154d2bb0f98e0a15a6d54329
                    • Opcode Fuzzy Hash: 3fbd3e743468b332e04729283170b4e667836d8e1d37e7a574dd9478565c9113
                    • Instruction Fuzzy Hash: 46C1B5A664A72629EA15B171BC52BAB03444F9333FB70407FFA41F65C2DF2C6D86408E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004034B6 Relevance: 63.4, APIs: 25, Strings: 11, Instructions: 406windowCOMMON
                    Download Yara Rule
                    C-Code - Quality: 89%
                    			E004034B6(void* __ecx, void* __edx, void* __eflags) {
				void* _t129;
				int _t136;
				int _t141;
				int _t151;
				int _t156;
				struct HWND__* _t166;
				int _t183;
				int _t204;
				void* _t210;
				int _t212;
				void* _t217;
				int _t223;
				int _t226;
				int _t230;
				int _t237;
				int _t246;
				int _t321;
				struct HWND__* _t324;
				int _t327;
				void* _t331;
				void* _t333;
				void* _t341;

				_t318 = __edx;
				E004291C0(0x44d627, _t331);
				E00429440(0x14ec, __ecx);
				_t129 =  *((intOrPtr*)(_t331 + 0xc)) - 0x110;
				if(_t129 == 0) {
					E00408BB0(_t331 - 0x11c, __eflags);
					 *(_t331 - 4) =  *(_t331 - 4) & 0x00000000;
					E00408BB0(_t331 - 0x2dc, __eflags);
					 *(_t331 - 4) = 1;
					E00408BB0(_t331 - 0x1cc, __eflags);
					 *(_t331 - 4) = 2;
					E00408BB0(_t331 - 0x254, __eflags);
					 *(_t331 - 4) = 3;
					E004049B4(0x472498, _t331 - 0x254);
					_t136 = E00408CF0(_t331 - 0x254, __edx);
					__eflags = _t136;
					if(_t136 == 0) {
						__eflags = E0040495C(0x472498);
						if(__eflags == 0) {
							E00408BB0(_t331 - 0x94, __eflags);
							 *(_t331 - 4) = 7;
							E004049EC(0x472498, _t331 - 0x94);
							_t141 = E00408CF0(_t331 - 0x94, __edx);
							__eflags = _t141;
							if(_t141 == 0) {
								GetCurrentDirectoryW(0x400, _t331 - 0x14f8);
								SetDlgItemTextW( *(_t331 + 8), 0x3eb, _t331 - 0x14f8);
							} else {
								E00403483( *(_t331 + 8), _t331 - 0x94);
							}
							 *(_t331 - 4) = 3;
							E00408C80(_t331 - 0x94);
							L37:
							E004048B9(0x472498, _t331 - 0x2dc);
							E004048D3(0x472498, _t331 - 0x1cc);
							_t151 = E00408CF0(_t331 - 0x2dc, _t318);
							__eflags = _t151;
							if(_t151 != 0) {
								SetWindowTextW( *(_t331 + 8), E00409030(_t331 - 0x2dc, _t331));
							}
							__eflags = E00408CF0(_t331 - 0x1cc, _t318);
							if(__eflags != 0) {
								SetDlgItemTextW( *(_t331 + 8), 0x3f6, E00409030(_t331 - 0x1cc, _t331));
							}
							E00408D40(_t331 - 0x11c, __eflags);
							_push(_t331 - 0x11c);
							E00404871(0x472498, "MainUnzipLabel");
							_t156 = E00408CF0(_t331 - 0x11c, _t318);
							__eflags = _t156;
							if(_t156 != 0) {
								SetDlgItemTextW( *(_t331 + 8), 0x3f9, E00409030(_t331 - 0x11c, _t331));
								E00408D40(_t331 - 0x11c, __eflags);
								_push(_t331 - 0x11c);
								E00404871(0x472498, "MainUnzipBtn");
								__eflags = E00408CF0(_t331 - 0x11c, _t318);
								if(__eflags != 0) {
									SetDlgItemTextW( *(_t331 + 8), 0x3e9, E00409030(_t331 - 0x11c, _t331));
								}
								E00408D40(_t331 - 0x11c, __eflags);
								_push(_t331 - 0x11c);
								E00404871(0x472498, "MainCloseBtn");
								__eflags = E00408CF0(_t331 - 0x11c, _t318);
								if(__eflags != 0) {
									SetDlgItemTextW( *(_t331 + 8), 2, E00409030(_t331 - 0x11c, _t331));
								}
								E00408D40(_t331 - 0x11c, __eflags);
								_push(_t331 - 0x11c);
								E00404871(0x472498, "MainBrowseBtn");
								_t183 = E00408CF0(_t331 - 0x11c, _t318);
								__eflags = _t183;
								if(_t183 != 0) {
									SetDlgItemTextW( *(_t331 + 8), 0x3ec, E00409030(_t331 - 0x11c, _t331));
								}
							}
							_t321 = E0040488A(0x472498, "MainWidth");
							_t327 = E0040488A(0x472498, "MainHeight");
							L00401E20(_t318,  *(_t331 + 8), _t321, _t327);
							__eflags = _t321;
							if(_t321 != 0) {
								__eflags = _t327;
								if(_t327 != 0) {
									_t166 = GetDlgItem( *(_t331 + 8), 0x3e9);
									_t110 = _t321 - 0x56; // -86
									_t246 = _t110;
									MoveWindow(_t166, _t246, 0xb, 0x4b, 0x19, 1);
									MoveWindow(GetDlgItem( *(_t331 + 8), 2), _t246, 0x29, 0x4b, 0x19, 1);
								}
							}
							 *(_t331 - 4) = 2;
							E00408C80(_t331 - 0x254);
							 *(_t331 - 4) = 1;
							E00408C80(_t331 - 0x1cc);
							 *(_t331 - 4) =  *(_t331 - 4) & 0x00000000;
							E00408C80(_t331 - 0x2dc);
							_t119 = _t331 - 4;
							 *_t119 =  *(_t331 - 4) | 0xffffffff;
							__eflags =  *_t119;
							E00408C80(_t331 - 0x11c);
							 *0x472708 =  *(_t331 + 8);
							L52:
							_push(1);
							_pop(0);
							L53:
							 *[fs:0x0] =  *((intOrPtr*)(_t331 - 0xc));
							return 0;
						}
						E0040EC60(_t331 + 0xc);
						 *(_t331 - 4) = 4;
						E00406110(_t331 - 0x144, __eflags);
						 *(_t331 - 4) = 5;
						_push(_t331 + 0xc);
						L0040BF40(_t331, __eflags, _t341, "ckz", _t331 - 0x144);
						_t333 = _t333 + 0xc;
						E00408BB0(_t331 - 0x94, __eflags);
						 *(_t331 - 4) = 6;
						L00409700(_t331 - 0x94, E00446F00(_t331 - 0x144));
						_t247 = ".";
						_t204 = L00409BC0(_t331 - 0x94, _t318, _t331, ".");
						__eflags = _t204;
						if(_t204 == 0) {
							L32:
							E004049CE(0x472498, _t331 - 0x94);
							SetDlgItemTextW( *(_t331 + 8), 0x3eb, E00409030(_t331 - 0x94, _t331));
							 *(_t331 - 4) = 5;
							E00408C80(_t331 - 0x94);
							 *(_t331 - 4) = 4;
							_t210 = E00406400(_t331 - 0x144);
							 *(_t331 - 4) = 3;
							E0040ECA0(_t210, _t331 + 0xc);
							goto L37;
						}
						_t52 = _t331 + 0x10;
						 *_t52 =  *(_t331 + 0x10) & 0x00000000;
						__eflags =  *_t52;
						while(1) {
							_t212 = L00409B10(_t331 - 0x94, _t331, _t247);
							__eflags = _t212;
							if(_t212 != 0) {
								break;
							}
							L00409B40(_t331 - 0x94, _t331, 1);
							 *(_t331 + 0x10) =  *(_t331 + 0x10) + 1;
							__eflags =  *(_t331 + 0x10) - 0x3e8;
							if( *(_t331 + 0x10) <= 0x3e8) {
								continue;
							}
							break;
						}
						L00409B40(_t331 - 0x94, _t331, 1);
						goto L32;
					}
					E00403483( *(_t331 + 8), _t331 - 0x254);
					goto L37;
				}
				_t217 = _t129 - 1;
				if(_t217 == 0) {
					__eflags =  *(_t331 + 0x10) - 2;
					if( *(_t331 + 0x10) != 2) {
						__eflags =  *(_t331 + 0x10) - 0x3ec;
						if( *(_t331 + 0x10) != 0x3ec) {
							__eflags =  *(_t331 + 0x10) - 0x3e9;
							if(__eflags != 0) {
								L23:
								goto L53;
							}
							E00408BB0(_t331 - 0x94, __eflags);
							_t324 =  *(_t331 + 8);
							 *(_t331 - 4) = 9;
							GetDlgItemTextW(_t324, 0x3eb, _t331 - 0x6dc, 0x200);
							_push(_t331 - 0x6dc);
							E00408FB0(_t331 - 0x94);
							_t223 = E00408CF0(_t331 - 0x94, _t318);
							__eflags = _t223;
							if(__eflags != 0) {
								E004049CE(0x472498, _t331 - 0x94);
								_push(_t324);
								_t226 = E004026A3(_t318, __eflags);
								__eflags = _t226;
								if(_t226 == 0) {
									_push("Error!");
								} else {
									_push("Finished!");
								}
								SetDlgItemTextA(_t324, 0x3f5, ??);
								SendMessageA(GetDlgItem( *0x472708, 0x3f0), 0x402, 0x64, 0);
								_t230 = E00404A38(0x472498);
								__eflags = _t230;
								if(_t230 != 0) {
									DialogBoxParamW( *0x472494, 0x8b, _t324, 0x403ab6, 0);
								}
								__eflags =  *0x472704;
								if( *0x472704 != 0) {
									EndDialog(_t324, 0x3e9);
									PostQuitMessage(0);
								}
							} else {
								MessageBoxA(_t324, "Please enter an unzip directory.", "Warning", _t223);
							}
							 *(_t331 - 4) =  *(_t331 - 4) | 0xffffffff;
							E00408C80(_t331 - 0x94);
							goto L52;
						}
						E00401000(_t331 - 0xcf8);
						 *(_t331 - 4) = 8;
						_t237 = E00401036(_t331 - 0xcf8,  *(_t331 + 8), _t331 - 0x14f8);
						__eflags = _t237;
						if(_t237 != 0) {
							_t237 = SetDlgItemTextW( *(_t331 + 8), 0x3eb, _t331 - 0x14f8);
						}
						 *(_t331 - 4) =  *(_t331 - 4) | 0xffffffff;
						E00428D7D(_t237);
					} else {
						_push(2);
						L7:
						EndDialog( *(_t331 + 8), ??);
						PostQuitMessage(0);
					}
					goto L52;
				}
				if(_t217 != 1 ||  *(_t331 + 0x10) != 0xf060) {
					goto L23;
				} else {
					_push(0xf060);
					goto L7;
				}
			}

























                    0x004034b6
                    0x004034bb
                    0x004034c5
                    0x004034cf
                    0x004034d5
                    0x0040369a
                    0x0040369f
                    0x004036a9
                    0x004036b4
                    0x004036b8
                    0x004036c3
                    0x004036c7
                    0x004036da
                    0x004036de
                    0x004036e9
                    0x004036f4
                    0x004036f6
                    0x00403715
                    0x00403717
                    0x0040381b
                    0x00403829
                    0x0040382d
                    0x00403838
                    0x0040383d
                    0x0040383f
                    0x00403860
                    0x00403875
                    0x00403841
                    0x0040384b
                    0x00403851
                    0x0040387d
                    0x00403881
                    0x00403886
                    0x0040388f
                    0x0040389d
                    0x004038a8
                    0x004038ad
                    0x004038af
                    0x004038c0
                    0x004038c0
                    0x004038d1
                    0x004038d3
                    0x004038e9
                    0x004038e9
                    0x004038f1
                    0x004038fe
                    0x00403904
                    0x0040390f
                    0x00403914
                    0x0040391b
                    0x00403935
                    0x0040393d
                    0x0040394a
                    0x00403950
                    0x00403960
                    0x00403962
                    0x00403974
                    0x00403974
                    0x0040397c
                    0x00403989
                    0x0040398f
                    0x0040399f
                    0x004039a1
                    0x004039b4
                    0x004039b4
                    0x004039bc
                    0x004039c9
                    0x004039cf
                    0x004039da
                    0x004039df
                    0x004039e1
                    0x004039f7
                    0x004039f7
                    0x004039e1
                    0x00403a0c
                    0x00403a13
                    0x00403a1a
                    0x00403a22
                    0x00403a24
                    0x00403a26
                    0x00403a28
                    0x00403a34
                    0x00403a3a
                    0x00403a3a
                    0x00403a49
                    0x00403a5c
                    0x00403a5c
                    0x00403a28
                    0x00403a64
                    0x00403a68
                    0x00403a73
                    0x00403a77
                    0x00403a7c
                    0x00403a86
                    0x00403a8b
                    0x00403a8b
                    0x00403a8b
                    0x00403a95
                    0x00403a9d
                    0x00403aa2
                    0x00403aa2
                    0x00403aa4
                    0x00403aa5
                    0x00403aab
                    0x00403ab3
                    0x00403ab3
                    0x00403720
                    0x0040372b
                    0x0040372f
                    0x00403737
                    0x0040373b
                    0x00403748
                    0x0040374d
                    0x00403756
                    0x00403761
                    0x00403771
                    0x00403776
                    0x00403782
                    0x00403787
                    0x00403789
                    0x004037c5
                    0x004037ce
                    0x004037e7
                    0x004037ef
                    0x004037f3
                    0x004037fe
                    0x00403802
                    0x0040380a
                    0x0040380e
                    0x00000000
                    0x0040380e
                    0x0040378b
                    0x0040378b
                    0x0040378b
                    0x0040378f
                    0x00403796
                    0x0040379b
                    0x0040379d
                    0x00000000
                    0x00000000
                    0x004037a7
                    0x004037ac
                    0x004037af
                    0x004037b6
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004037b6
                    0x004037c0
                    0x00000000
                    0x004037c0
                    0x00403702
                    0x00000000
                    0x00403708
                    0x004034db
                    0x004034dc
                    0x004034f6
                    0x004034fb
                    0x00403515
                    0x0040351b
                    0x00403576
                    0x0040357a
                    0x0040368d
                    0x00000000
                    0x0040368d
                    0x00403586
                    0x0040358b
                    0x004035a0
                    0x004035a7
                    0x004035b9
                    0x004035ba
                    0x004035c5
                    0x004035ca
                    0x004035cc
                    0x004035f3
                    0x004035f8
                    0x004035f9
                    0x004035fe
                    0x00403601
                    0x0040360a
                    0x00403603
                    0x00403603
                    0x00403603
                    0x00403615
                    0x00403636
                    0x0040363e
                    0x00403643
                    0x00403645
                    0x0040365a
                    0x0040365a
                    0x00403660
                    0x00403667
                    0x0040366b
                    0x00403673
                    0x00403673
                    0x004035ce
                    0x004035da
                    0x004035da
                    0x00403679
                    0x00403683
                    0x00000000
                    0x00403683
                    0x00403523
                    0x00403535
                    0x0040353f
                    0x00403544
                    0x00403546
                    0x00403557
                    0x00403557
                    0x0040355d
                    0x00403567
                    0x004034fd
                    0x004034fd
                    0x004034ff
                    0x00403502
                    0x0040350a
                    0x0040350a
                    0x00000000
                    0x004034fb
                    0x004034df
                    0x00000000
                    0x004034f3
                    0x004034f3
                    0x00000000
                    0x004034f3

                    APIs
                    • __EH_prolog.LIBCMT ref: 004034BB
                    • EndDialog.USER32(?,00000002), ref: 00403502
                    • PostQuitMessage.USER32(00000000), ref: 0040350A
                    • SetDlgItemTextW.USER32 ref: 00403557
                      • Part of subcall function 004026A3: __EH_prolog.LIBCMT ref: 004026A8
                      • Part of subcall function 004026A3: GetDlgItem.USER32 ref: 004026DD
                      • Part of subcall function 004026A3: EnableWindow.USER32(00000000), ref: 004026E4
                      • Part of subcall function 004026A3: EndDialog.USER32(?,00000000), ref: 00402726
                      • Part of subcall function 004026A3: PostQuitMessage.USER32(00000000), ref: 0040272D
                    • GetDlgItemTextW.USER32(?,000003EB,?,00000200), ref: 004035A7
                    • MessageBoxA.USER32 ref: 004035DA
                    • SetDlgItemTextA.USER32 ref: 00403615
                    • GetDlgItem.USER32 ref: 00403626
                    • SendMessageA.USER32(00000000,00000402,00000064,00000000), ref: 00403636
                    • DialogBoxParamW.USER32 ref: 0040365A
                    • EndDialog.USER32(?,000003E9), ref: 0040366B
                    • PostQuitMessage.USER32(00000000), ref: 00403673
                    • SetDlgItemTextW.USER32 ref: 004037E7
                    • GetCurrentDirectoryW.KERNEL32(00000400,?,?,?), ref: 00403860
                    • SetDlgItemTextW.USER32 ref: 00403875
                    • SetWindowTextW.USER32(?,00000000), ref: 004038C0
                    • SetDlgItemTextW.USER32 ref: 004038E9
                    • SetDlgItemTextW.USER32 ref: 00403935
                    • SetDlgItemTextW.USER32 ref: 00403974
                    • SetDlgItemTextW.USER32 ref: 004039B4
                    • SetDlgItemTextW.USER32 ref: 004039F7
                    • GetDlgItem.USER32 ref: 00403A34
                    • MoveWindow.USER32(00000000,-00000056,0000000B,0000004B,00000019,00000001), ref: 00403A49
                    • GetDlgItem.USER32 ref: 00403A50
                    • MoveWindow.USER32(00000000,-00000056,00000029,0000004B,00000019,00000001), ref: 00403A5C
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: Item$Text$Message$DialogWindow$PostQuit$H_prologMove$CurrentDirectoryEnableParamSend
                    • String ID: Error!$Finished!$MainBrowseBtn$MainCloseBtn$MainHeight$MainUnzipBtn$MainUnzipLabel$MainWidth$Please enter an unzip directory.$Warning$ckz
                    • API String ID: 2303344304-3045815159
                    • Opcode ID: b0670038db8a3a4c40339fea961c00d9e086b598d6fd1e66f32c29caccc489d8
                    • Instruction ID: b2fd6d31383e77bf9975a0ae7277306cd402b1dc1107c920b10c48e82e8049c9
                    • Opcode Fuzzy Hash: b0670038db8a3a4c40339fea961c00d9e086b598d6fd1e66f32c29caccc489d8
                    • Instruction Fuzzy Hash: 69F19370540219AAEB24EB61CD56FEE7B78AF10345F0040BEFA09761D2DF785F49CA68
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004348B9 Relevance: 30.0, APIs: 1, Strings: 16, Instructions: 267COMMON
                    Download Yara Rule
                    C-Code - Quality: 80%
                    			E004348B9(void* __ecx, void* __edx, void* __eflags, void* __fp0) {
				void* __edi;
				intOrPtr _t104;
				signed int _t105;
				signed int _t111;
				void* _t114;
				void* _t126;
				signed int _t127;
				intOrPtr _t132;
				void* _t138;
				signed int _t139;
				signed int _t146;
				void* _t188;
				void* _t228;
				intOrPtr* _t230;
				char* _t231;
				void* _t234;
				void* _t237;

				_t228 = __edx;
				E004291C0(E0045006E, _t237);
				_t234 = __ecx;
				E00406110(_t237 - 0x3c, __eflags);
				_t230 =  *((intOrPtr*)(_t237 + 8));
				_t165 = 0;
				 *(_t237 - 4) = 0;
				if(E004341DA(__ecx, _t237, __fp0, _t237 - 0x3c, _t230) != 0) {
					__eflags =  *((intOrPtr*)(_t234 + 0x40));
					if( *((intOrPtr*)(_t234 + 0x40)) != 0) {
						 *((intOrPtr*)( *_t230 + 0x28))("inflateToTempFilename", E00446F00(_t237 - 0x3c));
						 *((intOrPtr*)( *_t230 + 0x30))("expectedTempSize",  *((intOrPtr*)(_t234 + 0x138)),  *((intOrPtr*)(_t234 + 0x13c)));
						_t165 = 0;
						__eflags = 0;
					}
					L00423AA0(_t237 - 0xd4);
					_push(_t230);
					 *(_t237 - 4) = 1;
					__eflags = L004239E0(_t237 - 0xd4, __eflags, E00446F00(_t237 - 0x3c)) - _t165;
					if(__eflags != 0) {
						E00439434(_t237 - 0x84, __eflags, _t165);
						 *(_t237 - 4) = 2;
						E00443090(_t237 - 0x84, _t230, _t234);
						_t104 =  *((intOrPtr*)(_t234 + 0x10c));
						__eflags = _t104 - _t165;
						if(_t104 != _t165) {
							E0043942A(_t237 - 0x84, _t104);
						}
						__eflags =  *((intOrPtr*)(_t234 + 0x41)) - _t165;
						if( *((intOrPtr*)(_t234 + 0x41)) == _t165) {
							_t105 = L00433A67(_t234);
							__eflags = _t105;
							if(_t105 == 0) {
								__eflags =  *((intOrPtr*)(_t234 + 0x40)) - _t165;
								if(__eflags != 0) {
									 *((intOrPtr*)( *_t230 + 0x14))("Inflating from memory.");
									 *((intOrPtr*)( *_t230 + 0x2c))("srcDataSize", E0040CE40(_t234 + 0xc0));
									_t165 = 0;
									__eflags = 0;
								}
								_push( *((intOrPtr*)(_t234 + 0x40)));
								_push(_t230);
								_push(_t237 - 0x14);
								 *(_t237 - 0x14) = _t165;
								_push(_t237 - 0xd4);
								_push(E0040CE40(_t234 + 0xc0));
								_push(E00446F00(_t234 + 0xc0));
								_t111 = E0043AB0C(_t237 - 0x84, __eflags);
								__eflags = _t111 - _t165;
								 *(_t237 + 0xb) = _t111;
								if(_t111 == _t165) {
									_t132 =  *_t230;
									_push("Failed to inflate from data buffer to temp file");
									L22:
									 *((intOrPtr*)(_t132 + 0x10))();
								}
								goto L23;
							}
							__eflags =  *((intOrPtr*)(_t234 + 0x40)) - _t165;
							if( *((intOrPtr*)(_t234 + 0x40)) != _t165) {
								 *((intOrPtr*)( *_t230 + 0x14))("Inflating from data source.");
							}
							 *(_t237 - 0x14) = _t165;
							_t138 = L00433A56(_t234);
							_push( *((intOrPtr*)(_t234 + 0x40)));
							_push(_t237 - 0x14);
							_push(_t234 + 0x108);
							_push(_t230);
							_push(_t237 - 0xd4);
							_push(_t138);
							_t139 = E0043A990(_t237 - 0x84, __eflags);
							__eflags = _t139 - _t165;
							 *(_t237 + 0xb) = _t139;
							if(_t139 != _t165) {
								goto L23;
							} else {
								_t132 =  *_t230;
								_push("Failed to inflate from data source to temp file");
								goto L22;
							}
						} else {
							__eflags =  *((intOrPtr*)(_t234 + 0x40)) - _t165;
							if(__eflags != 0) {
								 *((intOrPtr*)( *_t230 + 0x14))("Inflating from source file.");
							}
							_push( *((intOrPtr*)(_t234 + 0x40)));
							_push(_t230);
							_push(_t237 - 0x14);
							 *(_t237 - 0x14) = _t165;
							_push(_t237 - 0xd4);
							_push(E00446F00(_t234 + 0x80));
							_t146 = E0043A6E5(_t237 - 0x84, _t228, __eflags);
							__eflags = _t146 - _t165;
							 *(_t237 + 0xb) = _t146;
							if(_t146 == _t165) {
								 *((intOrPtr*)( *_t230 + 0x10))("Failed to inflate from file to temp file");
								 *((intOrPtr*)( *_t230 + 0x28))("srcFilename", E00446F00(_t234 + 0x80));
								_t165 = 0;
							}
							L23:
							E0041F6C0(_t237 - 0x94);
							__eflags =  *((intOrPtr*)(_t234 + 0x7b)) - _t165;
							if( *((intOrPtr*)(_t234 + 0x7b)) != _t165) {
								_t127 = E0040CE50(_t234 + 0x80);
								__eflags = _t127;
								if(_t127 != 0) {
									__eflags =  *((intOrPtr*)(_t234 + 0x40)) - _t165;
									if(__eflags != 0) {
										 *((intOrPtr*)( *_t230 + 0x28))("deletingFile", E00446F00(_t234 + 0x80));
										_t165 = 0;
										__eflags = 0;
									}
									_push(_t165);
									L0040BE20(__eflags, E00446F00(_t234 + 0x80));
								}
							}
							 *((char*)(_t234 + 0x7b)) = 1;
							_t114 = E004069E0(_t234 + 0x80, E00446F00(_t237 - 0x3c));
							__eflags =  *((intOrPtr*)(_t234 + 0x40)) - _t165;
							if(__eflags != 0) {
								 *((intOrPtr*)( *_t230 + 0x28))("newSrcFilename", E00446F00(_t234 + 0x80));
								 *(_t237 - 0xd) =  *(_t237 - 0xd) & 0x00000000;
								_t126 = E0040C7E0(__eflags, E00446F00(_t234 + 0x80), _t230);
								_t114 =  *((intOrPtr*)( *_t230 + 0x30))("newSrcFileSize", _t126, _t228, _t237 - 0xd);
								_t165 = 0;
								__eflags = 0;
							}
							__eflags =  *((intOrPtr*)(_t234 + 0xe0)) - _t165;
							_t231 = _t234 + 0xe0;
							_t188 = _t234 + 0xc0;
							if( *((intOrPtr*)(_t234 + 0xe0)) != _t165) {
								E0040CE30(_t114, _t188);
							} else {
								E0040D120(_t188);
								 *_t231 = 1;
							}
							 *((char*)(_t234 + 0x41)) = 1;
							 *(_t237 - 4) = 1;
							E00439468(_t237 - 0x84);
							goto L34;
						}
					} else {
						 *((intOrPtr*)( *_t230 + 0x10))("Failed to create temporary output file");
						 *((intOrPtr*)( *_t230 + 0x28))("filename", E00446F00(_t237 - 0x3c));
						 *(_t237 + 0xb) = _t165;
						L34:
						 *(_t237 - 4) = _t165;
						L00423B30(_t237 - 0xd4);
						goto L35;
					}
				} else {
					 *((intOrPtr*)( *_t230 + 0x10))("Failed to get temp file for inflating");
					 *(_t237 + 0xb) = 0;
					L35:
					 *(_t237 - 4) =  *(_t237 - 4) | 0xffffffff;
					E00406400(_t237 - 0x3c);
					 *[fs:0x0] =  *((intOrPtr*)(_t237 - 0xc));
					return  *(_t237 + 0xb);
				}
			}




















                    0x004348b9
                    0x004348be
                    0x004348cb
                    0x004348d1
                    0x004348d6
                    0x004348dc
                    0x004348e2
                    0x004348ec
                    0x00434902
                    0x00434905
                    0x00434919
                    0x00434931
                    0x00434934
                    0x00434934
                    0x00434934
                    0x0043493c
                    0x00434941
                    0x00434945
                    0x0043495a
                    0x0043495c
                    0x0043498e
                    0x0043499a
                    0x0043499e
                    0x004349a3
                    0x004349a9
                    0x004349ab
                    0x004349b4
                    0x004349b4
                    0x004349b9
                    0x004349bc
                    0x00434a31
                    0x00434a36
                    0x00434a38
                    0x00434a88
                    0x00434a8b
                    0x00434a96
                    0x00434aae
                    0x00434ab1
                    0x00434ab1
                    0x00434ab1
                    0x00434abc
                    0x00434ac0
                    0x00434ac1
                    0x00434ac8
                    0x00434acb
                    0x00434ad1
                    0x00434add
                    0x00434ae4
                    0x00434ae9
                    0x00434aeb
                    0x00434aee
                    0x00434af0
                    0x00434af2
                    0x00434af7
                    0x00434af9
                    0x00434af9
                    0x00000000
                    0x00434aee
                    0x00434a3a
                    0x00434a3d
                    0x00434a48
                    0x00434a48
                    0x00434a4d
                    0x00434a50
                    0x00434a58
                    0x00434a5c
                    0x00434a63
                    0x00434a6a
                    0x00434a6b
                    0x00434a6c
                    0x00434a73
                    0x00434a78
                    0x00434a7a
                    0x00434a7d
                    0x00000000
                    0x00434a7f
                    0x00434a7f
                    0x00434a81
                    0x00000000
                    0x00434a81
                    0x004349be
                    0x004349be
                    0x004349c1
                    0x004349cc
                    0x004349cc
                    0x004349d8
                    0x004349dc
                    0x004349dd
                    0x004349e4
                    0x004349e7
                    0x004349ed
                    0x004349f4
                    0x004349f9
                    0x004349fb
                    0x004349fe
                    0x00434a0d
                    0x00434a25
                    0x00434a28
                    0x00434a28
                    0x00434afc
                    0x00434b02
                    0x00434b07
                    0x00434b0a
                    0x00434b12
                    0x00434b17
                    0x00434b19
                    0x00434b1b
                    0x00434b1e
                    0x00434b35
                    0x00434b38
                    0x00434b38
                    0x00434b38
                    0x00434b3a
                    0x00434b47
                    0x00434b4d
                    0x00434b19
                    0x00434b51
                    0x00434b61
                    0x00434b66
                    0x00434b69
                    0x00434b80
                    0x00434b83
                    0x00434b9a
                    0x00434bab
                    0x00434bae
                    0x00434bae
                    0x00434bae
                    0x00434bb0
                    0x00434bb6
                    0x00434bbc
                    0x00434bc2
                    0x00434bce
                    0x00434bc4
                    0x00434bc4
                    0x00434bc9
                    0x00434bc9
                    0x00434bd9
                    0x00434bdd
                    0x00434be1
                    0x00000000
                    0x00434be9
                    0x0043495e
                    0x00434967
                    0x0043497c
                    0x0043497f
                    0x00434bec
                    0x00434bf2
                    0x00434bf5
                    0x00000000
                    0x00434bf5
                    0x004348ee
                    0x004348f7
                    0x004348fa
                    0x00434bfa
                    0x00434bfa
                    0x00434c01
                    0x00434c0f
                    0x00434c17
                    0x00434c17

                    APIs
                    Strings
                    • expectedTempSize, xrefs: 0043492C
                    • filename, xrefs: 00434975
                    • srcDataSize, xrefs: 00434AA7
                    • Failed to inflate from data buffer to temp file, xrefs: 00434AF2
                    • newSrcFilename, xrefs: 00434B79
                    • inflateToTempFilename, xrefs: 00434912
                    • Failed to get temp file for inflating, xrefs: 004348F0
                    • Inflating from data source., xrefs: 00434A41
                    • Failed to create temporary output file, xrefs: 00434960
                    • Inflating from memory., xrefs: 00434A8F
                    • Inflating from source file., xrefs: 004349C5
                    • Failed to inflate from file to temp file, xrefs: 00434A06
                    • newSrcFileSize, xrefs: 00434BA6
                    • Failed to inflate from data source to temp file, xrefs: 00434A81
                    • deletingFile, xrefs: 00434B2E
                    • srcFilename, xrefs: 00434A1E
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID: Failed to create temporary output file$Failed to get temp file for inflating$Failed to inflate from data buffer to temp file$Failed to inflate from data source to temp file$Failed to inflate from file to temp file$Inflating from data source.$Inflating from memory.$Inflating from source file.$deletingFile$expectedTempSize$filename$inflateToTempFilename$newSrcFileSize$newSrcFilename$srcDataSize$srcFilename
                    • API String ID: 3519838083-547789526
                    • Opcode ID: f2c49c5ce1ac8ced1376970293a0de01b71929fa14a4381c45e5de0797c21339
                    • Instruction ID: d1a8397890b5561b2ddd0bc48e53eb2281ce4b7d13da86c37859be21846249c3
                    • Opcode Fuzzy Hash: f2c49c5ce1ac8ced1376970293a0de01b71929fa14a4381c45e5de0797c21339
                    • Instruction Fuzzy Hash: D7A1B4705002449FDB15EB61C891BFEB7B4AF59304F14045FE59267282EF387A48CB2A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0043421C Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 331COMMON
                    Download Yara Rule
                    C-Code - Quality: 85%
                    			E0043421C(void* __ecx, void* __fp0) {
				void* __edi;
				signed int _t110;
				signed char _t120;
				signed char _t126;
				signed char _t127;
				void* _t128;
				signed char _t129;
				void* _t133;
				signed char _t147;
				signed char _t153;
				intOrPtr _t154;
				intOrPtr _t162;
				signed char _t164;
				signed char _t170;
				signed char _t173;
				signed char _t176;
				intOrPtr _t188;
				intOrPtr* _t192;
				char* _t204;
				void* _t228;
				void* _t231;
				intOrPtr* _t285;
				void* _t288;
				void* _t290;
				void* _t302;

				_t302 = __fp0;
				E004291C0(E0045001D, _t290);
				_t288 = __ecx;
				_t285 =  *((intOrPtr*)(_t290 + 8));
				_t295 =  *((char*)(__ecx + 0x40));
				if( *((char*)(__ecx + 0x40)) != 0) {
					 *((intOrPtr*)( *_t285 + 0x20))("passwordDecode", 1);
					 *((intOrPtr*)( *_t285 + 0x2c))("m_srcPwdProt",  *(__ecx + 0x43) & 0x000000ff);
				}
				E00439113(_t290 - 0xd8, _t295);
				 *(_t290 - 4) = 0;
				if( *(_t288 + 0x43) == 0) {
					__eflags =  *((char*)(_t288 + 0x40));
					if( *((char*)(_t288 + 0x40)) == 0) {
						L58:
						_t102 = _t290 - 4;
						 *_t102 =  *(_t290 - 4) | 0xffffffff;
						__eflags =  *_t102;
						E00439172(_t290 - 0xd8,  *_t102);
						_t110 = 1;
						L59:
						 *[fs:0x0] =  *((intOrPtr*)(_t290 - 0xc));
						return _t110;
					}
					 *((intOrPtr*)( *_t285 + 0x14))("Not password protected.");
					L56:
					__eflags =  *((char*)(_t288 + 0x40));
					if( *((char*)(_t288 + 0x40)) != 0) {
						 *((intOrPtr*)( *_t285 + 0x24))();
					}
					goto L58;
				}
				if(L00433A67(_t288) == 0) {
					L7:
					if(E0043413A(_t288, _t290 - 0xd8, _t285) != 0) {
						E00406110(_t290 - 0x38, __eflags);
						 *(_t290 - 4) = 1;
						_t120 = E004341DA(_t288, _t290, _t302, _t290 - 0x38, _t285);
						__eflags = _t120;
						if(_t120 != 0) {
							L00423AA0(_t290 - 0x88);
							_push(_t285);
							 *(_t290 - 4) = 2;
							__eflags = L004239E0(_t290 - 0x88, __eflags, E00446F00(_t290 - 0x38));
							if(__eflags != 0) {
								E00439434(_t290 - 0x120, __eflags, 0);
								 *(_t290 - 4) = 3;
								E00443090(_t290 - 0x120, _t285, _t288);
								_t126 =  *(_t288 + 0x10c);
								__eflags = _t126;
								if(_t126 != 0) {
									E0043942A(_t290 - 0x120, _t126);
								}
								_t127 = L00433A67(_t288);
								__eflags = _t127;
								if(_t127 != 0) {
									_t128 = L00433A56(_t288);
									_push(_t285);
									_push(_t290 - 0xd8);
									_push(_t290 - 0x88);
									_push(_t128);
									_t129 = E0043A017(_t290 - 0x120, _t283, __eflags);
									__eflags = _t129;
									_t228 = _t288;
									if(_t129 != 0) {
										L00433A7D(_t228);
										goto L40;
									}
									L00433A7D(_t228);
									E0041F6C0(_t290 - 0x48);
									_push(_t285);
									_t153 = L0040BE20(__eflags, E00446F00(_t290 - 0x38));
									__eflags = _t153;
									if(_t153 != 0) {
										goto L31;
									}
									_t162 =  *_t285;
									_push("Failed to delete temp file for password decoding (3)");
									goto L30;
								} else {
									_t205 = _t288 + 0xc0;
									_t164 = E00446F00(_t288 + 0xc0);
									__eflags = _t164;
									if(_t164 != 0) {
										_push(_t285);
										 *((intOrPtr*)(_t290 - 0x10)) = _t164 + 0xc;
										_push(_t290 - 0xd8);
										_push(_t290 - 0x88);
										_push(E0040CE40(_t205) - 0xc);
										_push( *((intOrPtr*)(_t290 - 0x10)));
										_t170 = E0043A10A(_t290 - 0x120, _t283);
										__eflags = _t170;
										if(_t170 != 0) {
											L40:
											E0041F6C0(_t290 - 0x48);
											__eflags =  *((char*)(_t288 + 0x7b));
											if(__eflags != 0) {
												_push(_t285);
												_t147 = L0040BE20(__eflags, E00446F00(_t288 + 0x80));
												__eflags = _t147;
												if(_t147 == 0) {
													 *((intOrPtr*)( *_t285 + 0x10))("Failed to delete temp file for password decoding (4)");
												}
											}
											 *(_t288 + 0x43) =  *(_t288 + 0x43) & 0x00000000;
											 *((char*)(_t288 + 0x7b)) = 1;
											_t133 = E00406A70(_t288 + 0x80, _t290 - 0x38);
											__eflags =  *((char*)(_t288 + 0xe0));
											_t204 = _t288 + 0xe0;
											_t231 = _t288 + 0xc0;
											if( *((char*)(_t288 + 0xe0)) != 0) {
												E0040CE30(_t133, _t231);
											} else {
												E0040D120(_t231);
												 *_t204 = 1;
											}
											__eflags =  *(_t288 + 0x78);
											 *((char*)(_t288 + 0x41)) = 1;
											if( *(_t288 + 0x78) != 0) {
												__eflags =  *((char*)(_t288 + 0x40));
												if(__eflags != 0) {
													 *((intOrPtr*)( *_t285 + 0x20))("InflateToTemp4", 1);
												}
												E004348B9(_t288, _t283, __eflags, _t302, _t285, 4);
												__eflags =  *((char*)(_t288 + 0x40));
												if( *((char*)(_t288 + 0x40)) != 0) {
													 *((intOrPtr*)( *_t285 + 0x24))();
												}
											}
											 *(_t288 + 0x78) =  *(_t288 + 0x78) & 0x00000000;
											__eflags =  *((char*)(_t288 + 0x40));
											if( *((char*)(_t288 + 0x40)) != 0) {
												 *((intOrPtr*)( *_t285 + 0x14))("Password decode successful.");
											}
											 *(_t290 - 4) = 2;
											E00439468(_t290 - 0x120);
											 *(_t290 - 4) = 1;
											L00423B30(_t290 - 0x88);
											 *(_t290 - 4) =  *(_t290 - 4) & 0x00000000;
											E00406400(_t290 - 0x38);
											goto L56;
										}
										E0041F6C0(_t290 - 0x48);
										_push(_t285);
										_t173 = L0040BE20(__eflags, E00446F00(_t290 - 0x38));
										__eflags = _t173;
										if(_t173 != 0) {
											L31:
											_t154 =  *_t285;
											_push("Failed to password-decode data");
											L32:
											 *((intOrPtr*)(_t154 + 0x10))();
											L33:
											__eflags =  *((char*)(_t288 + 0x40));
											if( *((char*)(_t288 + 0x40)) != 0) {
												 *((intOrPtr*)( *_t285 + 0x24))();
											}
											 *(_t290 - 4) = 2;
											E00439468(_t290 - 0x120);
											L36:
											 *(_t290 - 4) = 1;
											L00423B30(_t290 - 0x88);
											L37:
											_t63 = _t290 - 4;
											 *_t63 =  *(_t290 - 4) & 0x00000000;
											__eflags =  *_t63;
											E00406400(_t290 - 0x38);
											goto L38;
										}
										_t162 =  *_t285;
										_push("Failed to delete temp file for password decoding (2)");
										L30:
										 *((intOrPtr*)(_t162 + 0x10))();
										goto L31;
									}
									E0041F6C0(_t290 - 0x48);
									_push(_t285);
									_t176 = L0040BE20(__eflags, E00446F00(_t290 - 0x38));
									__eflags = _t176;
									if(_t176 != 0) {
										goto L33;
									}
									_t154 =  *_t285;
									_push("Failed to delete temp file for password decoding (1)");
									goto L32;
								}
							}
							 *((intOrPtr*)( *_t285 + 0x10))("Failed to open temp file (1)");
							 *((intOrPtr*)( *_t285 + 0x28))("tempFilename", E00446F00(_t290 - 0x38));
							__eflags =  *((char*)(_t288 + 0x40));
							if( *((char*)(_t288 + 0x40)) != 0) {
								 *((intOrPtr*)( *_t285 + 0x24))();
							}
							goto L36;
						}
						 *((intOrPtr*)( *_t285 + 0x10))("Failed to get temp file for password decoding");
						__eflags =  *((char*)(_t288 + 0x40));
						if( *((char*)(_t288 + 0x40)) != 0) {
							 *((intOrPtr*)( *_t285 + 0x24))();
						}
						goto L37;
					} else {
						_t188 =  *_t285;
						_push("Password incorrect for password-protected Zip");
						L9:
						 *((intOrPtr*)(_t188 + 0x10))();
						_t301 =  *((char*)(_t288 + 0x40));
						if( *((char*)(_t288 + 0x40)) != 0) {
							 *((intOrPtr*)( *_t285 + 0x24))();
						}
						L38:
						 *(_t290 - 4) =  *(_t290 - 4) | 0xffffffff;
						E00439172(_t290 - 0xd8, _t301);
						_t110 = 0;
						goto L59;
					}
				}
				 *((intOrPtr*)(_t290 + 8)) = 0;
				_t192 = L00433A56(_t288);
				_t283 =  *_t192;
				_push(0);
				_push(_t290 + 8);
				_push(0xc);
				_push(_t290 - 0x130);
				if( *((intOrPtr*)( *_t192 + 4))() == 0 ||  *((intOrPtr*)(_t290 + 8)) != 0xc) {
					_t188 =  *_t285;
					_push("Failed to get encryption header for pwd-protect");
					goto L9;
				} else {
					E0040CE30(_t193, _t288 + 0xc0);
					L0040DE00(_t288 + 0xc0, _t285, _t290 - 0x130, 0xc);
					goto L7;
				}
			}




























                    0x0043421c
                    0x00434221
                    0x0043422e
                    0x00434231
                    0x00434234
                    0x00434238
                    0x00434245
                    0x00434256
                    0x00434256
                    0x0043425f
                    0x00434269
                    0x0043426c
                    0x00434616
                    0x0043461a
                    0x00434635
                    0x00434635
                    0x00434635
                    0x00434635
                    0x0043463f
                    0x00434644
                    0x00434646
                    0x0043464c
                    0x00434654
                    0x00434654
                    0x00434625
                    0x00434628
                    0x00434628
                    0x0043462c
                    0x00434632
                    0x00434632
                    0x00000000
                    0x0043462c
                    0x0043427b
                    0x004342c3
                    0x004342d4
                    0x00434304
                    0x00434310
                    0x00434314
                    0x00434319
                    0x0043431b
                    0x00434345
                    0x0043434a
                    0x0043434e
                    0x00434363
                    0x00434365
                    0x004343a6
                    0x004343b2
                    0x004343b6
                    0x004343bb
                    0x004343c1
                    0x004343c3
                    0x004343cc
                    0x004343cc
                    0x004343d3
                    0x004343d8
                    0x004343da
                    0x0043447c
                    0x00434487
                    0x00434488
                    0x0043448f
                    0x00434490
                    0x00434497
                    0x0043449c
                    0x0043449e
                    0x004344a0
                    0x0043452d
                    0x00000000
                    0x0043452d
                    0x004344a6
                    0x004344ae
                    0x004344b3
                    0x004344bd
                    0x004344c3
                    0x004344c6
                    0x00000000
                    0x00000000
                    0x004344c8
                    0x004344ca
                    0x00000000
                    0x004343e0
                    0x004343e0
                    0x004343e8
                    0x004343ed
                    0x004343ef
                    0x00434421
                    0x00434422
                    0x0043442b
                    0x00434432
                    0x00434443
                    0x00434444
                    0x00434447
                    0x0043444c
                    0x0043444e
                    0x00434532
                    0x00434535
                    0x0043453a
                    0x0043453e
                    0x00434540
                    0x0043454d
                    0x00434553
                    0x00434556
                    0x00434561
                    0x00434561
                    0x00434556
                    0x00434564
                    0x00434572
                    0x00434576
                    0x0043457b
                    0x00434582
                    0x00434588
                    0x0043458e
                    0x0043459a
                    0x00434590
                    0x00434590
                    0x00434595
                    0x00434595
                    0x0043459f
                    0x004345a3
                    0x004345a7
                    0x004345a9
                    0x004345ad
                    0x004345ba
                    0x004345ba
                    0x004345c2
                    0x004345c7
                    0x004345cb
                    0x004345d1
                    0x004345d1
                    0x004345cb
                    0x004345d4
                    0x004345d8
                    0x004345dc
                    0x004345e7
                    0x004345e7
                    0x004345f0
                    0x004345f4
                    0x004345ff
                    0x00434603
                    0x00434608
                    0x0043460f
                    0x00000000
                    0x0043460f
                    0x00434457
                    0x0043445c
                    0x00434466
                    0x0043446c
                    0x0043446f
                    0x004344d4
                    0x004344d4
                    0x004344d6
                    0x004344db
                    0x004344dd
                    0x004344e0
                    0x004344e0
                    0x004344e4
                    0x004344ea
                    0x004344ea
                    0x004344f3
                    0x004344f7
                    0x004344fc
                    0x00434502
                    0x00434506
                    0x0043450b
                    0x0043450b
                    0x0043450b
                    0x0043450b
                    0x00434512
                    0x00000000
                    0x00434512
                    0x00434471
                    0x00434473
                    0x004344cf
                    0x004344d1
                    0x00000000
                    0x004344d1
                    0x004343f4
                    0x004343f9
                    0x00434403
                    0x00434409
                    0x0043440c
                    0x00000000
                    0x00000000
                    0x00434412
                    0x00434414
                    0x00000000
                    0x00434414
                    0x004343da
                    0x00434370
                    0x00434385
                    0x00434388
                    0x0043438c
                    0x00434396
                    0x00434396
                    0x00000000
                    0x0043438c
                    0x00434326
                    0x00434329
                    0x0043432d
                    0x00434337
                    0x00434337
                    0x00000000
                    0x004342d6
                    0x004342d6
                    0x004342d8
                    0x004342dd
                    0x004342df
                    0x004342e2
                    0x004342e6
                    0x004342f0
                    0x004342f0
                    0x00434517
                    0x00434517
                    0x00434521
                    0x00434526
                    0x00000000
                    0x00434526
                    0x004342d4
                    0x0043427f
                    0x00434282
                    0x00434287
                    0x0043428c
                    0x0043428d
                    0x00434294
                    0x00434296
                    0x0043429e
                    0x004342f8
                    0x004342fa
                    0x00000000
                    0x004342a6
                    0x004342ae
                    0x004342be
                    0x00000000
                    0x004342be

                    APIs
                    Strings
                    • Failed to delete temp file for password decoding (1), xrefs: 00434414
                    • passwordDecode, xrefs: 0043423E
                    • Password incorrect for password-protected Zip, xrefs: 004342D8
                    • Password decode successful., xrefs: 004345E0
                    • InflateToTemp4, xrefs: 004345B3
                    • Failed to password-decode data, xrefs: 004344D6
                    • Failed to get temp file for password decoding, xrefs: 0043431F
                    • Failed to get encryption header for pwd-protect, xrefs: 004342FA
                    • Failed to open temp file (1), xrefs: 00434369
                    • m_srcPwdProt, xrefs: 0043424F
                    • Failed to delete temp file for password decoding (3), xrefs: 004344CA
                    • Not password protected., xrefs: 0043461E
                    • tempFilename, xrefs: 0043437E
                    • Failed to delete temp file for password decoding (2), xrefs: 00434473
                    • Failed to delete temp file for password decoding (4), xrefs: 0043455A
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID: Failed to delete temp file for password decoding (1)$Failed to delete temp file for password decoding (2)$Failed to delete temp file for password decoding (3)$Failed to delete temp file for password decoding (4)$Failed to get encryption header for pwd-protect$Failed to get temp file for password decoding$Failed to open temp file (1)$Failed to password-decode data$InflateToTemp4$Not password protected.$Password decode successful.$Password incorrect for password-protected Zip$m_srcPwdProt$passwordDecode$tempFilename
                    • API String ID: 3519838083-3519389513
                    • Opcode ID: 1b95aca45063a0c3ef7dd5252f3f3e1091888370d511a01e3ca67d90c41fbc46
                    • Instruction ID: 69184a3a072bdf6082a616a05957418e3dabcabd63245a9dcf32b54ae86b8d17
                    • Opcode Fuzzy Hash: 1b95aca45063a0c3ef7dd5252f3f3e1091888370d511a01e3ca67d90c41fbc46
                    • Instruction Fuzzy Hash: 81C1D430600250ABDB15EB61C895BEEBBB4AF59308F00119FF442572D2DF7CAE89CB19
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00434FAF Relevance: 26.7, APIs: 1, Strings: 14, Instructions: 452COMMON
                    Download Yara Rule
                    C-Code - Quality: 83%
                    			E00434FAF(void* __ecx, void* __edx, void* __fp0) {
				void* __edi;
				signed int _t203;
				signed int _t204;
				signed int _t205;
				void* _t209;
				intOrPtr _t215;
				void* _t222;
				signed int _t227;
				signed int _t229;
				signed int _t231;
				void* _t234;
				signed int _t254;
				void* _t267;
				signed int _t281;
				signed int _t299;
				signed int* _t317;
				signed int* _t318;
				signed int* _t322;
				signed int* _t323;
				signed int _t328;
				void* _t346;
				signed int* _t392;
				void* _t401;
				void* _t414;
				signed int** _t417;
				char* _t418;
				char* _t422;
				signed int** _t423;
				void* _t424;
				void* _t426;
				void* _t429;
				void* _t439;

				_t439 = __fp0;
				_t414 = __edx;
				E004291C0(E00450119, _t429);
				_t426 = __ecx;
				_t328 = 0;
				_t203 =  *((intOrPtr*)(__ecx + 0x41));
				if(_t203 == 0) {
					L6:
					_t204 = E0040CE40(_t426 + 0xc0);
					__eflags = _t204;
					if(_t204 != 0) {
						L11:
						_t205 =  *(_t426 + 0x41);
						__eflags = _t205 - _t328;
						if(_t205 == _t328) {
							L27:
							_t416 = _t426 + 0xc0;
							 *(_t429 - 0x10) = _t426 + 0xc0;
							__eflags = E0040CE40(_t426 + 0xc0) - 0x8000000;
							if(__eflags >= 0) {
								L36:
								E00406110(_t429 - 0x54, __eflags);
								_t417 =  *(_t429 + 0x14);
								 *(_t429 - 4) = 5;
								_t209 = E004341DA(_t426, _t429, _t439, _t429 - 0x54, _t417);
								__eflags = _t209 - _t328;
								if(_t209 != _t328) {
									__eflags =  *((intOrPtr*)(_t426 + 0x40)) - _t328;
									if( *((intOrPtr*)(_t426 + 0x40)) != _t328) {
										__eflags =  *(_t426 + 0x41) - _t328;
										if( *(_t426 + 0x41) != _t328) {
											( *_t417)[5]("Source file too large to compress to memory.");
										}
										_t267 = E00446F00(_t429 - 0x54);
										 *(_t429 - 0x10) =  *_t417;
										_t417 =  *(_t429 + 0x14);
										( *(_t429 - 0x10))[0xa]("tempFile", _t267);
									}
									L00423AA0(_t429 - 0x154);
									_push(_t417);
									 *(_t429 - 4) = 6;
									__eflags = L004239E0(_t429 - 0x154, __eflags, E00446F00(_t429 - 0x54)) - _t328;
									if(__eflags != 0) {
										E00439434(_t429 - 0x104, __eflags, _t328);
										 *(_t429 - 4) = 7;
										E00443090(_t429 - 0x104, _t417, _t426);
										_t215 =  *((intOrPtr*)(_t426 + 0x10c));
										__eflags = _t215 - _t328;
										if(_t215 != _t328) {
											E0043942A(_t429 - 0x104, _t215);
										}
										__eflags =  *(_t426 + 0x41) - _t328;
										if(__eflags == 0) {
											_push(_t417);
											_push( *((intOrPtr*)(_t426 + 0xf0)));
											_push( *(_t429 + 0xc));
											_push( *(_t429 + 0x10));
											_push( *(_t429 + 8));
											_push(1);
											_push(_t429 - 0x154);
											_push(E0040CE40(_t426 + 0xc0));
											_push(E00446F00(_t426 + 0xc0));
											 *((char*)(_t429 + 0xf)) = L00439625(_t429 - 0x104, _t414, _t417);
											goto L53;
										} else {
											E00408BB0(_t429 - 0x1dc, __eflags);
											 *(_t429 - 4) = 8;
											E00408E00(_t429 - 0x1dc, E00446F00(_t426 + 0x80));
											L0041F650(_t429 - 0x1c);
											 *(_t429 - 4) = 9;
											__eflags = E0040C900(_t429 - 0x1c, _t429 - 0x1dc, _t429 - 0x2c, _t417);
											if(__eflags != 0) {
												_push(_t417);
												_push( *((intOrPtr*)(_t426 + 0xf0)));
												_push( *(_t429 + 0xc));
												_push( *(_t429 + 0x10));
												_push( *(_t429 + 8));
												_push(1);
												_push(_t429 - 0x154);
												_push(_t429 - 0x1c);
												 *((char*)(_t429 + 0xf)) = E00439473(_t429 - 0x104, _t414, _t417, __eflags);
												E0041F6C0(_t429 - 0x1c);
												 *(_t429 - 4) = 8;
												L0041F700(_t429 - 0x1c);
												 *(_t429 - 4) = 7;
												E00408C80(_t429 - 0x1dc);
												L53:
												E0041F6C0(_t429 - 0x114);
												__eflags =  *(_t426 + 0x7b) - _t328;
												if( *(_t426 + 0x7b) != _t328) {
													_t229 = E0040CE50(_t426 + 0x80);
													__eflags = _t229;
													if(_t229 != 0) {
														__eflags =  *((intOrPtr*)(_t426 + 0x40)) - _t328;
														if(__eflags != 0) {
															_t234 = E00446F00(_t426 + 0x80);
															 *(_t429 + 0x10) =  *_t417;
															_t417 =  *(_t429 + 0x14);
															( *(_t429 + 0x10))[0xa]("deletingTempFile", _t234);
														}
														_push(_t328);
														_t231 = L0040BE20(__eflags, E00446F00(_t426 + 0x80));
														__eflags = _t231;
														if(_t231 == 0) {
															( *_t417)[4]("Failed to delete zip temp file (A)");
														}
													}
												}
												 *(_t426 + 0x7b) = 1;
												_t222 = E004069E0(_t426 + 0x80, E00446F00(_t429 - 0x54));
												__eflags =  *((intOrPtr*)(_t426 + 0xe0)) - _t328;
												_t418 = _t426 + 0xe0;
												_t346 = _t426 + 0xc0;
												if( *((intOrPtr*)(_t426 + 0xe0)) != _t328) {
													E0040CE30(_t222, _t346);
												} else {
													E0040D120(_t346);
													 *_t418 = 1;
												}
												 *(_t426 + 0x41) = 1;
												 *(_t429 - 4) = 6;
												E00439468(_t429 - 0x104);
												_t328 =  *((intOrPtr*)(_t429 + 0xf));
												goto L63;
											}
											( *_t417)[4]("Failed to open file for reading (6)");
											_push(_t417);
											_t254 = L0040BEB0(__eflags, E00446F00(_t429 - 0x54));
											__eflags = _t254;
											if(_t254 == 0) {
												( *_t417)[4]("Failed to delete zip temp file (B)");
											}
											 *(_t429 - 4) = 8;
											L0041F700(_t429 - 0x1c);
											 *(_t429 - 4) = 7;
											E00408C80(_t429 - 0x1dc);
											 *(_t429 - 4) = 6;
											E00439468(_t429 - 0x104);
											 *(_t429 - 4) = 5;
											L00423B30(_t429 - 0x154);
											 *(_t429 - 4) =  *(_t429 - 4) | 0xffffffff;
											E00406400(_t429 - 0x54);
											_t227 = 0;
											goto L65;
										}
									} else {
										( *_t417)[4]("Failed to open temp file (2)");
										( *_t417)[0xa]("tempFilename", E00446F00(_t429 - 0x54));
										L63:
										 *(_t429 - 4) = 5;
										L00423B30(_t429 - 0x154);
										L64:
										_t197 = _t429 - 4;
										 *_t197 =  *(_t429 - 4) | 0xffffffff;
										__eflags =  *_t197;
										E00406400(_t429 - 0x54);
										_t227 = _t328;
										L65:
										 *[fs:0x0] =  *((intOrPtr*)(_t429 - 0xc));
										return _t227;
									}
								}
								( *_t417)[4]("Failed to get temp file for compression");
								goto L64;
							}
							E00439434(_t429 - 0x9c, __eflags, _t328);
							 *(_t429 - 4) = 3;
							E00443090(_t429 - 0x9c, _t416, _t426);
							_t276 =  *((intOrPtr*)(_t426 + 0x10c));
							__eflags =  *((intOrPtr*)(_t426 + 0x10c)) - _t328;
							if(__eflags != 0) {
								E0043942A(_t429 - 0x9c, _t276);
							}
							E0040D180(_t429 - 0xbc, __eflags);
							_push( *(_t429 + 0x14));
							 *(_t429 - 4) = 4;
							_push( *((intOrPtr*)(_t426 + 0xf0)));
							_push( *(_t429 + 0xc));
							_push( *(_t429 + 0x10));
							_push( *(_t429 + 8));
							_push(1);
							_push(_t429 - 0xbc);
							_push(E0040CE40(_t416));
							_push(E00446F00(_t416));
							_t281 = L00439AFA(_t429 - 0x9c, _t414, _t416);
							__eflags = _t281 - _t328;
							 *(_t429 + 0x17) = _t281;
							if(_t281 != _t328) {
								__eflags =  *((intOrPtr*)(_t426 + 0xe0)) - _t328;
								_t392 =  *(_t429 - 0x10);
								_t422 = _t426 + 0xe0;
								if( *((intOrPtr*)(_t426 + 0xe0)) != _t328) {
									E0040CE30(_t281, _t392);
								} else {
									E0040D120(_t392);
								}
								 *(_t426 + 0x7b) = _t328;
								 *(_t426 + 0x41) = _t328;
								 *_t422 = 1;
								L0040DAD0( *(_t429 - 0x10), _t429 - 0xbc);
							}
							 *(_t429 - 4) = 3;
							L0040D850(_t429 - 0xbc);
							 *(_t429 - 4) =  *(_t429 - 4) | 0xffffffff;
							E00439468(_t429 - 0x9c);
							_t227 =  *(_t429 + 0x17);
							goto L65;
						}
						__eflags =  *((intOrPtr*)(_t426 + 0xac)) - _t328;
						if(__eflags > 0) {
							L26:
							__eflags = _t205 - _t328;
							if(__eflags != 0) {
								goto L36;
							}
							goto L27;
						}
						if(__eflags < 0) {
							L15:
							__eflags =  *((intOrPtr*)(_t426 + 0x40)) - _t328;
							_t423 =  *(_t429 + 0x14);
							if(__eflags != 0) {
								( *_t423)[5]("Source file is small enough to compress to memory.");
								( *_t423)[0xc]("sourceFileSize",  *((intOrPtr*)(_t426 + 0xa8)),  *((intOrPtr*)(_t426 + 0xac)));
							}
							E00439434(_t429 - 0x9c, __eflags, _t328);
							 *(_t429 - 4) = _t328;
							E00443090(_t429 - 0x9c, _t423, _t426);
							_t291 =  *((intOrPtr*)(_t426 + 0x10c));
							__eflags =  *((intOrPtr*)(_t426 + 0x10c)) - _t328;
							if(__eflags != 0) {
								E0043942A(_t429 - 0x9c, _t291);
							}
							E00408BB0(_t429 - 0x264, __eflags);
							 *(_t429 - 4) = 1;
							E00408E00(_t429 - 0x264, E00446F00(_t426 + 0x80));
							L0041F650(_t429 - 0x28);
							 *(_t429 - 4) = 2;
							_t299 = E0040C900(_t429 - 0x28, _t429 - 0x264, _t429 - 0x10, _t423);
							__eflags = _t299;
							if(_t299 != 0) {
								__eflags =  *((intOrPtr*)(_t426 + 0xe0)) - _t328;
								_t424 = _t426 + 0xc0;
								_t401 = _t424;
								if(__eflags != 0) {
									E0040CE30(_t299, _t401);
								} else {
									E0040D120(_t401);
									 *((char*)(_t426 + 0xe0)) = 1;
								}
								_push( *(_t429 + 0x14));
								_push( *((intOrPtr*)(_t426 + 0xf0)));
								_push( *(_t429 + 0xc));
								_push( *(_t429 + 0x10));
								_push( *(_t429 + 8));
								_push(1);
								_push(_t424);
								_push(_t429 - 0x28);
								 *(_t429 + 0x17) = L0043995A(_t429 - 0x9c, _t414, _t424, __eflags);
								E0041F6C0(_t429 - 0x28);
								 *(_t426 + 0x7b) = _t328;
								 *(_t426 + 0x41) = _t328;
								 *((char*)(_t426 + 0xe0)) = 1;
							} else {
								( *_t423)[4]("Failed to open file for reading (6a)");
								 *(_t429 + 0x17) = _t328;
							}
							 *(_t429 - 4) = 1;
							L0041F700(_t429 - 0x28);
							 *(_t429 - 4) = _t328;
							E00408C80(_t429 - 0x264);
							 *(_t429 - 4) =  *(_t429 - 4) | 0xffffffff;
							E00439468(_t429 - 0x9c);
							_t227 =  *(_t429 + 0x17);
							goto L65;
						}
						__eflags =  *((intOrPtr*)(_t426 + 0xa8)) - 0x5b8d80;
						if( *((intOrPtr*)(_t426 + 0xa8)) >= 0x5b8d80) {
							goto L26;
						}
						goto L15;
					}
					__eflags =  *((intOrPtr*)(_t426 + 0x40)) - _t328;
					if( *((intOrPtr*)(_t426 + 0x40)) != _t328) {
						( *( *(_t429 + 0x14)))[5]("Source is in-memory and zero-length.");
					}
					 *( *(_t429 + 8)) = _t328;
					_t317 =  *(_t429 + 0xc);
					 *_t317 = _t328;
					_t317[1] = _t328;
					_t318 =  *(_t429 + 0x10);
					 *_t318 = _t328;
					_t318[1] = _t328;
					L10:
					_t227 = 1;
					goto L65;
				}
				if( *((intOrPtr*)(__ecx + 0x42)) == 0) {
					__eflags = _t203;
					if(_t203 != 0) {
						goto L11;
					}
					goto L6;
				}
				if( *((intOrPtr*)(__ecx + 0x40)) != 0) {
					( *( *(_t429 + 0x14)))[5]("Source is an empty file.");
				}
				 *( *(_t429 + 8)) = _t328;
				_t322 =  *(_t429 + 0xc);
				 *_t322 = _t328;
				_t322[1] = _t328;
				_t323 =  *(_t429 + 0x10);
				 *_t323 = _t328;
				_t323[1] = _t328;
				 *(_t426 + 0x41) = _t328;
				 *(_t426 + 0x7b) = _t328;
				E0040CE30(_t323, _t426 + 0xc0);
				goto L10;
			}



































                    0x00434faf
                    0x00434faf
                    0x00434fb4
                    0x00434fc1
                    0x00434fc3
                    0x00434fc6
                    0x00434fcb
                    0x00435010
                    0x00435016
                    0x0043501b
                    0x0043501d
                    0x0043504d
                    0x0043504d
                    0x00435050
                    0x00435052
                    0x004351d0
                    0x004351d0
                    0x004351d8
                    0x004351e0
                    0x004351e5
                    0x004352c7
                    0x004352ca
                    0x004352cf
                    0x004352d9
                    0x004352e0
                    0x004352e5
                    0x004352e7
                    0x004352fa
                    0x004352fd
                    0x004352ff
                    0x00435302
                    0x0043530d
                    0x0043530d
                    0x00435315
                    0x0043531a
                    0x0043531d
                    0x0043532b
                    0x0043532b
                    0x00435334
                    0x00435339
                    0x0043533d
                    0x00435352
                    0x00435354
                    0x00435383
                    0x0043538f
                    0x00435393
                    0x00435398
                    0x0043539e
                    0x004353a0
                    0x004353a9
                    0x004353a9
                    0x004353ae
                    0x004353b1
                    0x004354ce
                    0x004354d5
                    0x004354e1
                    0x004354e4
                    0x004354e7
                    0x004354ea
                    0x004354ec
                    0x004354f2
                    0x004354fe
                    0x0043550a
                    0x00000000
                    0x004353b7
                    0x004353bd
                    0x004353c8
                    0x004353d8
                    0x004353e0
                    0x004353f5
                    0x00435401
                    0x00435403
                    0x0043547e
                    0x00435485
                    0x00435491
                    0x00435494
                    0x00435497
                    0x0043549a
                    0x0043549c
                    0x004354a0
                    0x004354a9
                    0x004354ac
                    0x004354b4
                    0x004354b8
                    0x004354c3
                    0x004354c7
                    0x0043550d
                    0x00435513
                    0x00435518
                    0x0043551b
                    0x00435523
                    0x00435528
                    0x0043552a
                    0x0043552c
                    0x0043552f
                    0x00435539
                    0x0043553e
                    0x00435541
                    0x0043554f
                    0x0043554f
                    0x00435552
                    0x0043555f
                    0x00435565
                    0x00435568
                    0x00435573
                    0x00435573
                    0x00435568
                    0x0043552a
                    0x00435579
                    0x00435589
                    0x0043558e
                    0x00435594
                    0x0043559a
                    0x004355a0
                    0x004355ac
                    0x004355a2
                    0x004355a2
                    0x004355a7
                    0x004355a7
                    0x004355b7
                    0x004355bb
                    0x004355bf
                    0x004355c4
                    0x00000000
                    0x004355c4
                    0x0043540e
                    0x00435411
                    0x0043541b
                    0x00435421
                    0x00435424
                    0x0043542f
                    0x0043542f
                    0x00435435
                    0x00435439
                    0x00435444
                    0x00435448
                    0x00435453
                    0x00435457
                    0x00435462
                    0x00435466
                    0x0043546b
                    0x00435472
                    0x00435477
                    0x00000000
                    0x00435477
                    0x00435356
                    0x0043535f
                    0x00435374
                    0x004355c7
                    0x004355cd
                    0x004355d1
                    0x004355d6
                    0x004355d6
                    0x004355d6
                    0x004355d6
                    0x004355dd
                    0x004355e2
                    0x004355e4
                    0x004355ea
                    0x004355f2
                    0x004355f2
                    0x00435354
                    0x004352f2
                    0x00000000
                    0x004352f2
                    0x004351f2
                    0x004351fe
                    0x00435205
                    0x0043520a
                    0x00435210
                    0x00435212
                    0x0043521b
                    0x0043521b
                    0x00435226
                    0x0043522b
                    0x00435236
                    0x0043523a
                    0x00435240
                    0x00435243
                    0x00435246
                    0x00435249
                    0x0043524b
                    0x00435251
                    0x00435259
                    0x00435260
                    0x00435265
                    0x00435267
                    0x0043526a
                    0x0043526c
                    0x00435272
                    0x00435275
                    0x0043527b
                    0x00435284
                    0x0043527d
                    0x0043527d
                    0x0043527d
                    0x00435293
                    0x00435296
                    0x00435299
                    0x0043529c
                    0x0043529c
                    0x004352a7
                    0x004352ab
                    0x004352b0
                    0x004352ba
                    0x004352bf
                    0x00000000
                    0x004352bf
                    0x00435058
                    0x0043505e
                    0x004351c8
                    0x004351c8
                    0x004351ca
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004351ca
                    0x00435064
                    0x00435076
                    0x00435076
                    0x00435079
                    0x0043507c
                    0x00435087
                    0x0043509f
                    0x0043509f
                    0x004350a9
                    0x004350b5
                    0x004350b8
                    0x004350bd
                    0x004350c3
                    0x004350c5
                    0x004350ce
                    0x004350ce
                    0x004350d9
                    0x004350e4
                    0x004350f4
                    0x004350fc
                    0x00435111
                    0x00435115
                    0x0043511d
                    0x0043511f
                    0x00435132
                    0x00435138
                    0x0043513e
                    0x00435140
                    0x00435150
                    0x00435142
                    0x00435142
                    0x00435147
                    0x00435147
                    0x00435155
                    0x00435161
                    0x00435167
                    0x0043516a
                    0x0043516d
                    0x00435170
                    0x00435172
                    0x00435173
                    0x0043517c
                    0x0043517f
                    0x00435187
                    0x0043518a
                    0x0043518d
                    0x00435121
                    0x0043512a
                    0x0043512d
                    0x0043512d
                    0x0043519a
                    0x0043519e
                    0x004351a9
                    0x004351ac
                    0x004351b1
                    0x004351bb
                    0x004351c0
                    0x00000000
                    0x004351c0
                    0x00435066
                    0x00435070
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00435070
                    0x0043501f
                    0x00435022
                    0x0043502e
                    0x0043502e
                    0x00435034
                    0x00435036
                    0x00435039
                    0x0043503b
                    0x0043503e
                    0x00435041
                    0x00435043
                    0x00435046
                    0x00435046
                    0x00000000
                    0x00435046
                    0x00434fd0
                    0x0043500c
                    0x0043500e
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0043500e
                    0x00434fd5
                    0x00434fe1
                    0x00434fe1
                    0x00434fed
                    0x00434fef
                    0x00434ff2
                    0x00434ff4
                    0x00434ff7
                    0x00434ffa
                    0x00434ffc
                    0x00434fff
                    0x00435002
                    0x00435005
                    0x00000000

                    APIs
                    Strings
                    • Source is in-memory and zero-length., xrefs: 00435027
                    • Source is an empty file., xrefs: 00434FDA
                    • Failed to open file for reading (6), xrefs: 00435407
                    • Failed to open temp file (2), xrefs: 00435358
                    • Failed to delete zip temp file (A), xrefs: 0043556C
                    • deletingTempFile, xrefs: 00435548
                    • Source file is small enough to compress to memory., xrefs: 00435080
                    • tempFile, xrefs: 00435324
                    • Failed to delete zip temp file (B), xrefs: 00435428
                    • Source file too large to compress to memory., xrefs: 00435306
                    • Failed to get temp file for compression, xrefs: 004352EB
                    • sourceFileSize, xrefs: 0043509A
                    • Failed to open file for reading (6a), xrefs: 00435123
                    • tempFilename, xrefs: 0043536D
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID: Failed to delete zip temp file (A)$Failed to delete zip temp file (B)$Failed to get temp file for compression$Failed to open file for reading (6)$Failed to open file for reading (6a)$Failed to open temp file (2)$Source file is small enough to compress to memory.$Source file too large to compress to memory.$Source is an empty file.$Source is in-memory and zero-length.$deletingTempFile$sourceFileSize$tempFile$tempFilename
                    • API String ID: 3519838083-1535423370
                    • Opcode ID: 0e120fc1a3a6b89a74196d25ba5afa1beb8826b7c9dfefdfe103c71e2a8f9498
                    • Instruction ID: f30ba92fe43f6a0a8cc6dcf919c7e560ebcd15af7ee4c6375e3e2441850dbf85
                    • Opcode Fuzzy Hash: 0e120fc1a3a6b89a74196d25ba5afa1beb8826b7c9dfefdfe103c71e2a8f9498
                    • Instruction Fuzzy Hash: E9120530400649DFCF15EFA4C851BEEBBB5AF19304F14449FE48667282DB386A49CF69
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0042E29E Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 177COMMON
                    Download Yara Rule
                    C-Code - Quality: 63%
                    			E0042E29E(int _a4, int _a8, signed char _a9, char* _a12, int _a16, char _a20, int _a24, int _a28, signed int _a32) {
				signed int _v8;
				intOrPtr _v20;
				short* _v28;
				int _v32;
				short* _v36;
				short* _v40;
				int _v44;
				void* _v60;
				int _t61;
				int _t62;
				int _t82;
				int _t83;
				int _t88;
				short* _t89;
				int _t90;
				void* _t91;
				int _t99;
				intOrPtr _t101;
				short* _t102;
				int _t104;

				_push(0xffffffff);
				_push(0x455638);
				_push(E0042D474);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t101;
				_t102 = _t101 - 0x1c;
				_v28 = _t102;
				_t104 =  *0x473ab4; // 0x1
				if(_t104 != 0) {
					L5:
					if(_a16 > 0) {
						_t83 = E0042E4C2(_a12, _a16);
						_pop(_t91);
						_a16 = _t83;
					}
					_t61 =  *0x473ab4; // 0x1
					if(_t61 != 2) {
						if(_t61 != 1) {
							goto L21;
						} else {
							if(_a28 == 0) {
								_t82 =  *0x473aac; // 0x0
								_a28 = _t82;
							}
							asm("sbb eax, eax");
							_t88 = MultiByteToWideChar(_a28, ( ~_a32 & 0x00000008) + 1, _a12, _a16, 0, 0);
							_v32 = _t88;
							if(_t88 == 0) {
								goto L21;
							} else {
								_v8 = 0;
								E00429440(_t88 + _t88 + 0x00000003 & 0x000000fc, _t91);
								_v28 = _t102;
								_v40 = _t102;
								_v8 = _v8 | 0xffffffff;
								if(_v40 == 0 || MultiByteToWideChar(_a28, 1, _a12, _a16, _v40, _t88) == 0) {
									goto L21;
								} else {
									_t99 = LCMapStringW(_a4, _a8, _v40, _t88, 0, 0);
									_v44 = _t99;
									if(_t99 == 0) {
										goto L21;
									} else {
										if((_a9 & 0x00000004) == 0) {
											_v8 = 1;
											E00429440(_t99 + _t99 + 0x00000003 & 0x000000fc, _t91);
											_v28 = _t102;
											_t89 = _t102;
											_v36 = _t89;
											_v8 = _v8 | 0xffffffff;
											if(_t89 == 0 || LCMapStringW(_a4, _a8, _v40, _v32, _t89, _t99) == 0) {
												goto L21;
											} else {
												_push(0);
												_push(0);
												if(_a24 != 0) {
													_push(_a24);
													_t58 =  &_a20; // 0x432254
													_push( *_t58);
												} else {
													_push(0);
													_push(0);
												}
												_t99 = WideCharToMultiByte(_a28, 0x220, _t89, _t99, ??, ??, ??, ??);
												if(_t99 == 0) {
													goto L21;
												} else {
													goto L30;
												}
											}
										} else {
											if(_a24 == 0) {
												L30:
												_t62 = _t99;
											} else {
												if(_t99 > _a24) {
													goto L21;
												} else {
													_t40 =  &_a20; // 0x432254
													if(LCMapStringW(_a4, _a8, _v40, _t88,  *_t40, _a24) != 0) {
														goto L30;
													} else {
														goto L21;
													}
												}
											}
										}
									}
								}
							}
						}
					} else {
						_t7 =  &_a20; // 0x432254
						_t62 = LCMapStringA(_a4, _a8, _a12, _a16,  *_t7, _a24);
					}
				} else {
					_push(0);
					_push(0);
					_t90 = 1;
					if(LCMapStringW(0, 0x100, 0x455634, _t90, ??, ??) == 0) {
						if(LCMapStringA(0, 0x100, 0x455630, _t90, 0, 0) == 0) {
							L21:
							_t62 = 0;
						} else {
							 *0x473ab4 = 2;
							goto L5;
						}
					} else {
						 *0x473ab4 = _t90;
						goto L5;
					}
				}
				 *[fs:0x0] = _v20;
				return _t62;
			}























                    0x0042e2a1
                    0x0042e2a3
                    0x0042e2a8
                    0x0042e2b3
                    0x0042e2b4
                    0x0042e2bb
                    0x0042e2c1
                    0x0042e2c6
                    0x0042e2cc
                    0x0042e314
                    0x0042e317
                    0x0042e31f
                    0x0042e325
                    0x0042e326
                    0x0042e326
                    0x0042e329
                    0x0042e331
                    0x0042e353
                    0x00000000
                    0x0042e359
                    0x0042e35c
                    0x0042e35e
                    0x0042e363
                    0x0042e363
                    0x0042e373
                    0x0042e383
                    0x0042e385
                    0x0042e38a
                    0x00000000
                    0x0042e390
                    0x0042e390
                    0x0042e39b
                    0x0042e3a0
                    0x0042e3a5
                    0x0042e3a8
                    0x0042e3c4
                    0x00000000
                    0x0042e3df
                    0x0042e3f1
                    0x0042e3f3
                    0x0042e3f8
                    0x00000000
                    0x0042e3fa
                    0x0042e3fe
                    0x0042e440
                    0x0042e44f
                    0x0042e454
                    0x0042e457
                    0x0042e459
                    0x0042e45c
                    0x0042e476
                    0x00000000
                    0x0042e490
                    0x0042e493
                    0x0042e494
                    0x0042e495
                    0x0042e49b
                    0x0042e49e
                    0x0042e49e
                    0x0042e497
                    0x0042e497
                    0x0042e498
                    0x0042e498
                    0x0042e4b1
                    0x0042e4b5
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042e4b5
                    0x0042e400
                    0x0042e403
                    0x0042e4bb
                    0x0042e4bb
                    0x0042e409
                    0x0042e40c
                    0x00000000
                    0x0042e40e
                    0x0042e411
                    0x0042e426
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042e426
                    0x0042e40c
                    0x0042e403
                    0x0042e3fe
                    0x0042e3f8
                    0x0042e3c4
                    0x0042e38a
                    0x0042e333
                    0x0042e336
                    0x0042e345
                    0x0042e345
                    0x0042e2ce
                    0x0042e2ce
                    0x0042e2cf
                    0x0042e2d2
                    0x0042e2e8
                    0x0042e304
                    0x0042e42c
                    0x0042e42c
                    0x0042e30a
                    0x0042e30a
                    0x00000000
                    0x0042e30a
                    0x0042e2ea
                    0x0042e2ea
                    0x00000000
                    0x0042e2ea
                    0x0042e2e8
                    0x0042e434
                    0x0042e43f

                    APIs
                    • LCMapStringW.KERNEL32(00000000,00000100,00455634,00000001,00000000,00000000,00000103,00000001,00000000,?,00432254,00200020,00000000,?,00000000,00000000), ref: 0042E2E0
                    • LCMapStringA.KERNEL32(00000000,00000100,00455630,00000001,00000000,00000000,?,00432254,00200020,00000000,?,00000000,00000000,00000001), ref: 0042E2FC
                    • LCMapStringA.KERNEL32(?,?,?,?,T"C ,?,00000103,00000001,00000000,?,00432254,00200020,00000000,?,00000000,00000000), ref: 0042E345
                    • MultiByteToWideChar.KERNEL32(00000000,00000002,00000000,00200020,00000000,00000000,00000103,00000001,00000000,?,00432254,00200020,00000000,?,00000000,00000000), ref: 0042E37D
                    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00200020,?,00000000,?,00432254,00200020,00000000,?,00000000), ref: 0042E3D5
                    • LCMapStringW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,00432254,00200020,00000000,?,00000000), ref: 0042E3EB
                    • LCMapStringW.KERNEL32(?,?,?,00000000,T"C ,?,?,00432254,00200020,00000000,?,00000000), ref: 0042E41E
                    • LCMapStringW.KERNEL32(00000000,?,?,?,?,00000000,?,00432254,00200020,00000000,?,00000000), ref: 0042E486
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: String$ByteCharMultiWide
                    • String ID: T"C $pYqt
                    • API String ID: 352835431-1576323800
                    • Opcode ID: 50284b42beede524dcb0defb57ad26d9fbe9bdde85cca26aa3b6ca58955ca16d
                    • Instruction ID: f9897e29c216ec2034d7ca0d8f74571b33c5d8ceb64ebd7c0ae9371457180c03
                    • Opcode Fuzzy Hash: 50284b42beede524dcb0defb57ad26d9fbe9bdde85cca26aa3b6ca58955ca16d
                    • Instruction Fuzzy Hash: FE51F231A00268EFCF229F56EC45AEF7FB5FB48755F10412AF804A2261C3399D51DB69
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004012A1 Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 122windowCOMMON
                    Download Yara Rule
                    C-Code - Quality: 61%
                    			E004012A1(void* __eax, int __ebx, intOrPtr __edx) {
				intOrPtr _t39;
				void* _t43;
				int _t53;
				intOrPtr _t92;
				void* _t93;
				void* _t98;
				void* _t101;

				_t92 = __edx;
				_t66 = __ebx;
				_t93 = E00408340(_t101, __eax);
				_t102 = _t93 - __ebx;
				if(_t93 != __ebx) {
					_t39 = E00408440(E00407080(0x472548, _t93), _t93, _t92, __ebx);
					__eflags = _t92 - __ebx;
					 *0x4726f0 = _t39;
					 *0x4726f4 = _t92;
					if(__eflags > 0) {
						L7:
						__eflags = E00407090(0x472548) - _t66;
						if(__eflags != 0) {
							E00406110(_t98 - 0x34, __eflags);
							 *(_t98 - 4) = 2;
							_t43 = E00407140(0x472548, _t98 - 0x34);
							__eflags = _t43 - _t66;
							if(_t43 != _t66) {
								__eflags = E00407500(0x472548) - _t66;
								if(__eflags != 0) {
									E00408BB0(_t98 - 0x16c, __eflags);
									 *(_t98 - 4) = 3;
									E00407470(0x472548, __eflags, "xmlConfig", _t98 - 0x16c);
									E004048A8(0x472498, _t98 - 0x16c);
									 *(_t98 - 4) = 2;
									E00408C80(_t98 - 0x16c);
									 *(_t98 + 0xb) = 1;
								} else {
									_push(_t66);
									_push("Error");
									_push("Failed to read internal args.");
									goto L11;
								}
							} else {
								_push("Failed to read internal header: ");
								L004057A0();
								_push(_t66);
								_push("Error");
								_push(E00446F00(_t98 - 0x34));
								L11:
								MessageBoxA( *(_t98 + 8), ??, ??, ??);
								 *(_t98 + 0xb) = _t66;
							}
							 *(_t98 - 4) = _t66;
							E00406400(_t98 - 0x34);
						} else {
							_push(_t66);
							_push("Error");
							_push("Failed to find marker.");
							goto L6;
						}
					} else {
						if(__eflags < 0) {
							L5:
							_push(_t66);
							_push("Error");
							_push("Failed to get file size.");
							L6:
							MessageBoxA( *(_t98 + 8), ??, ??, ??);
							 *(_t98 + 0xb) = _t66;
						} else {
							__eflags = _t39 - __ebx;
							if(_t39 >= __ebx) {
								goto L7;
							} else {
								goto L5;
							}
						}
					}
					_t31 = _t98 - 4;
					 *_t31 =  *(_t98 - 4) | 0xffffffff;
					__eflags =  *_t31;
					E00408C80(_t98 - 0xe4);
					_t53 =  *(_t98 + 0xb);
				} else {
					E00406110(_t98 - 0x5c, _t102);
					 *(_t98 - 4) = 1;
					L00405CB0("Failed to open EXE: ");
					L00405CB0(E004093B0(_t98 - 0xe4));
					MessageBoxA( *(_t98 + 8), E00446F00(_t98 - 0x5c), "Error", __ebx);
					 *(_t98 - 4) = __ebx;
					E00406400(_t98 - 0x5c);
					 *(_t98 - 4) =  *(_t98 - 4) | 0xffffffff;
					E00408C80(_t98 - 0xe4);
					_t53 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t98 - 0xc));
				return _t53;
			}










                    0x004012a1
                    0x004012a1
                    0x004012a7
                    0x004012aa
                    0x004012ad
                    0x00401326
                    0x0040132b
                    0x0040132d
                    0x00401332
                    0x00401338
                    0x0040135c
                    0x00401363
                    0x00401365
                    0x00401377
                    0x00401382
                    0x00401386
                    0x0040138b
                    0x0040138d
                    0x004013c0
                    0x004013c2
                    0x004013d7
                    0x004013ea
                    0x004013ee
                    0x004013ff
                    0x0040140a
                    0x0040140e
                    0x00401413
                    0x004013c4
                    0x004013c4
                    0x004013c5
                    0x004013ca
                    0x00000000
                    0x004013ca
                    0x0040138f
                    0x0040138f
                    0x00401397
                    0x0040139c
                    0x0040139d
                    0x004013aa
                    0x004013ab
                    0x004013ae
                    0x004013b4
                    0x004013b4
                    0x0040141a
                    0x0040141d
                    0x00401367
                    0x00401367
                    0x00401368
                    0x0040136d
                    0x00000000
                    0x0040136d
                    0x0040133a
                    0x0040133a
                    0x00401340
                    0x00401340
                    0x00401341
                    0x00401346
                    0x0040134b
                    0x0040134e
                    0x00401354
                    0x0040133c
                    0x0040133c
                    0x0040133e
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0040133e
                    0x0040133a
                    0x00401422
                    0x00401422
                    0x00401422
                    0x0040142c
                    0x00401431
                    0x004012af
                    0x004012b2
                    0x004012bf
                    0x004012c3
                    0x004012d7
                    0x004012ee
                    0x004012f7
                    0x004012fa
                    0x004012ff
                    0x00401309
                    0x0040130e
                    0x0040130e
                    0x0040143a
                    0x00401442

                    APIs
                    • MessageBoxA.USER32 ref: 0040134E
                      • Part of subcall function 004093B0: GetACP.KERNEL32(00000000,00000000,?), ref: 00409423
                    • MessageBoxA.USER32 ref: 004012EE
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: Message
                    • String ID: Error$Failed to find marker.$Failed to get file size.$Failed to open EXE: $Failed to read internal args.$Failed to read internal header: $H%G$xmlConfig
                    • API String ID: 2030045667-2801084446
                    • Opcode ID: c80751de15698dd028572b02195b542720b1f1adf8646288dbde1c122fc1d821
                    • Instruction ID: e316684c0e3758f961c2891dcd9a9ca4df17ec909c884bc43624c06b0958553e
                    • Opcode Fuzzy Hash: c80751de15698dd028572b02195b542720b1f1adf8646288dbde1c122fc1d821
                    • Instruction Fuzzy Hash: AF41B330945208AEDB04EB61DD96BEDBB689B11708F60407FF846731E3DA7C1A498A6D
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00434C1A Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 143COMMON
                    Download Yara Rule
                    C-Code - Quality: 70%
                    			E00434C1A(void* __ecx, void* __edx) {
				void* __edi;
				signed int _t48;
				signed int _t49;
				signed int _t50;
				signed int _t56;
				intOrPtr _t57;
				void* _t70;
				intOrPtr* _t78;
				signed int _t80;
				void* _t108;
				intOrPtr* _t111;
				void* _t114;
				void* _t116;

				_t108 = __edx;
				E004291C0(E00450080, _t116);
				_t78 =  *((intOrPtr*)(_t116 + 0xc));
				_t114 = __ecx;
				 *_t78 = 0;
				if( *((intOrPtr*)(__ecx + 0xb4)) != 0) {
					E00439434(_t116 - 0x54, __eflags, 0);
					 *(_t116 - 4) = 0;
					E00443090(_t116 - 0x54, 0, __ecx);
					_t48 =  *(_t114 + 0x10c);
					__eflags = _t48;
					if(_t48 != 0) {
						E0043942A(_t116 - 0x54, _t48);
					}
					_t49 = L00433A67(_t114);
					__eflags = _t49;
					if(_t49 == 0) {
						__eflags =  *((char*)(_t114 + 0x41));
						if( *((char*)(_t114 + 0x41)) == 0) {
							_t79 = _t114 + 0xc0;
							_t50 = E0040CE40(_t114 + 0xc0);
							__eflags = _t50;
							if(_t50 != 0) {
								__eflags =  *((char*)(_t114 + 0x40));
								_t111 =  *((intOrPtr*)(_t116 + 8));
								if(__eflags != 0) {
									 *((intOrPtr*)( *_t111 + 0x14))("inflating from in-memory compressed data");
								}
								_push( *((intOrPtr*)(_t114 + 0x40)));
								_push(_t111);
								_push( *((intOrPtr*)(_t116 + 0xc)));
								_push( *((intOrPtr*)(_t114 + 0xb4)));
								_push(E0040CE40(_t79));
								_push(E00446F00(_t79));
								_t80 = E0043AB0C(_t116 - 0x54, __eflags);
								__eflags = _t80;
								if(_t80 == 0) {
									_t57 =  *_t111;
									_push("Inflate from memory source failed.");
									goto L22;
								}
							} else {
								__eflags =  *((intOrPtr*)(_t114 + 0x40)) - _t50;
								if( *((intOrPtr*)(_t114 + 0x40)) != _t50) {
									 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t116 + 8)))) + 0x14))("compressed source is empty.");
								}
								_t80 = 1;
							}
						} else {
							__eflags =  *((char*)(_t114 + 0x40));
							_t111 =  *((intOrPtr*)(_t116 + 8));
							if(__eflags != 0) {
								 *((intOrPtr*)( *_t111 + 0x14))("inflating from a file");
								 *((intOrPtr*)( *_t111 + 0x28))("fromFile", E00446F00(_t114 + 0x80));
							}
							_push( *((intOrPtr*)(_t114 + 0x40)));
							_push(_t111);
							_push( *((intOrPtr*)(_t116 + 0xc)));
							_push( *((intOrPtr*)(_t114 + 0xb4)));
							_push(E00446F00(_t114 + 0x80));
							_t80 = E0043A6E5(_t116 - 0x54, _t108, __eflags);
							__eflags = _t80;
							if(_t80 == 0) {
								_t57 =  *_t111;
								_push("Inflate from file source failed.");
								goto L22;
							}
						}
					} else {
						__eflags =  *((char*)(_t114 + 0x40));
						_t111 =  *((intOrPtr*)(_t116 + 8));
						if( *((char*)(_t114 + 0x40)) != 0) {
							 *((intOrPtr*)( *_t111 + 0x14))("inflating from a data source");
						}
						_t70 = L00433A56(_t114);
						_push( *((intOrPtr*)(_t114 + 0x40)));
						_push(_t78);
						_push(_t114 + 0x108);
						_push(_t111);
						_push( *((intOrPtr*)(_t114 + 0xb4)));
						_push(_t70);
						_t80 = E0043A990(_t116 - 0x54, __eflags);
						__eflags = _t80;
						if(_t80 == 0) {
							_t57 =  *_t111;
							_push("Inflate from data source failed.");
							L22:
							 *((intOrPtr*)(_t57 + 0x10))();
						}
					}
					_t40 = _t116 - 4;
					 *_t40 =  *(_t116 - 4) | 0xffffffff;
					__eflags =  *_t40;
					E00439468(_t116 - 0x54);
					_t56 = _t80;
				} else {
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t116 + 8)))) + 0x10))("No dest out for inflate.");
					_t56 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t116 - 0xc));
				return _t56;
			}
















                    0x00434c1a
                    0x00434c1f
                    0x00434c28
                    0x00434c2d
                    0x00434c31
                    0x00434c39
                    0x00434c53
                    0x00434c5c
                    0x00434c5f
                    0x00434c64
                    0x00434c6a
                    0x00434c6c
                    0x00434c72
                    0x00434c72
                    0x00434c79
                    0x00434c7e
                    0x00434c80
                    0x00434cd0
                    0x00434cd4
                    0x00434d34
                    0x00434d3c
                    0x00434d41
                    0x00434d43
                    0x00434d5b
                    0x00434d5f
                    0x00434d62
                    0x00434d6d
                    0x00434d6d
                    0x00434d75
                    0x00434d76
                    0x00434d77
                    0x00434d7a
                    0x00434d85
                    0x00434d8d
                    0x00434d96
                    0x00434d98
                    0x00434d9a
                    0x00434d9c
                    0x00434d9e
                    0x00000000
                    0x00434d9e
                    0x00434d45
                    0x00434d45
                    0x00434d48
                    0x00434d54
                    0x00434d54
                    0x00434d57
                    0x00434d57
                    0x00434cd6
                    0x00434cd6
                    0x00434cda
                    0x00434cdd
                    0x00434ce8
                    0x00434d00
                    0x00434d00
                    0x00434d0c
                    0x00434d0d
                    0x00434d0e
                    0x00434d11
                    0x00434d1c
                    0x00434d25
                    0x00434d27
                    0x00434d29
                    0x00434d2b
                    0x00434d2d
                    0x00000000
                    0x00434d2d
                    0x00434d29
                    0x00434c82
                    0x00434c82
                    0x00434c86
                    0x00434c89
                    0x00434c94
                    0x00434c94
                    0x00434c99
                    0x00434ca1
                    0x00434ca8
                    0x00434ca9
                    0x00434caa
                    0x00434cae
                    0x00434cb4
                    0x00434cba
                    0x00434cbc
                    0x00434cbe
                    0x00434cc4
                    0x00434cc6
                    0x00434da3
                    0x00434da5
                    0x00434da5
                    0x00434cbe
                    0x00434da8
                    0x00434da8
                    0x00434da8
                    0x00434daf
                    0x00434db4
                    0x00434c3b
                    0x00434c45
                    0x00434c48
                    0x00434c48
                    0x00434dbc
                    0x00434dc4

                    APIs
                    Strings
                    • No dest out for inflate., xrefs: 00434C3E
                    • inflating from in-memory compressed data, xrefs: 00434D66
                    • Inflate from memory source failed., xrefs: 00434D9E
                    • inflating from a data source, xrefs: 00434C8D
                    • compressed source is empty., xrefs: 00434D4D
                    • Inflate from data source failed., xrefs: 00434CC6
                    • inflating from a file, xrefs: 00434CE1
                    • Inflate from file source failed., xrefs: 00434D2D
                    • fromFile, xrefs: 00434CF9
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID: Inflate from data source failed.$Inflate from file source failed.$Inflate from memory source failed.$No dest out for inflate.$compressed source is empty.$fromFile$inflating from a data source$inflating from a file$inflating from in-memory compressed data
                    • API String ID: 3519838083-3998916552
                    • Opcode ID: 34520cb827735d095a92ebda22f5fd6df2171c9041427a9864cb133c68af984b
                    • Instruction ID: cb21c431d6a10b89ed49ae943017a4cef19a3b6a3a4ccf4275773be23671feb3
                    • Opcode Fuzzy Hash: 34520cb827735d095a92ebda22f5fd6df2171c9041427a9864cb133c68af984b
                    • Instruction Fuzzy Hash: B251C331200200AFDB25DF61C895FEE7BA5AF9A304F14540EF9835B291DB38BD09CB5A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0040231B Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 88windowCOMMON
                    Download Yara Rule
                    C-Code - Quality: 89%
                    			E0040231B(void* __ecx, void* __edx, void* __eflags) {
				void* __ebx;
				void* _t21;
				void* _t59;
				void* _t61;
				void* _t62;
				intOrPtr _t67;
				intOrPtr _t70;
				intOrPtr _t72;

				_t55 = __edx;
				E004291C0(E0044D49B, _t59);
				_t62 = _t61 - 0x88;
				_t57 =  *((intOrPtr*)(_t59 + 0x10));
				_push( *((intOrPtr*)(_t59 + 0x10)));
				E0040229F(__ecx, __eflags);
				_t67 =  *0x4726e0; // 0x0
				if(_t67 != 0) {
					E00429235(0, __edx,  *0x4726e0, "temp unzipDir = [%s]\r\n", E00446F00(_t57));
					_t62 = _t62 + 0xc;
				}
				if((E0040488A(0x472498, "Debug") & 0xffffff00 | _t19 != 0x00000000) != 0) {
					L9:
					_t21 = 1;
				} else {
					_t70 =  *0x4726e0; // 0x0
					if(_t70 != 0) {
						E00429235(0, _t55,  *0x4726e0, "Check/create unzip dir: [%s]\r\n", E00446F00(_t57));
						_t62 = _t62 + 0xc;
					}
					_push(0);
					_push( *((intOrPtr*)(_t59 + 0xc)));
					if(E0040EEB0(_t55, _t70, E00446F00(_t57)) != 0) {
						goto L9;
					} else {
						_t72 =  *0x4726e0; // 0x0
						if(_t72 != 0) {
							E00429235(0, _t55,  *0x4726e0, "failed to ensure dir exists: [%s]\r\n", E00446F00(_t57));
						}
						E00408BB0(_t59 - 0x94, _t72);
						 *(_t59 - 4) = 0;
						L00409700(_t59 - 0x94, "Failed to ensure dir exists: ");
						L00409700(_t59 - 0x94, E00446F00(_t57));
						MessageBoxW( *(_t59 + 8), E00409030(_t59 - 0x94, _t59), L"Error", 0);
						EndDialog( *(_t59 + 8), 0);
						PostQuitMessage(0);
						 *(_t59 - 4) =  *(_t59 - 4) | 0xffffffff;
						E00408C80(_t59 - 0x94);
						_t21 = 0;
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t59 - 0xc));
				return _t21;
			}











                    0x0040231b
                    0x00402320
                    0x00402325
                    0x0040232d
                    0x00402330
                    0x00402331
                    0x00402339
                    0x0040233f
                    0x00402354
                    0x00402359
                    0x00402359
                    0x00402372
                    0x0040244a
                    0x0040244a
                    0x00402378
                    0x00402378
                    0x0040237e
                    0x00402393
                    0x00402398
                    0x00402398
                    0x0040239b
                    0x0040239e
                    0x004023b1
                    0x00000000
                    0x004023b7
                    0x004023b7
                    0x004023bd
                    0x004023d2
                    0x004023d7
                    0x004023e0
                    0x004023f0
                    0x004023f3
                    0x00402406
                    0x00402420
                    0x0040242a
                    0x00402431
                    0x00402437
                    0x00402441
                    0x00402446
                    0x00402446
                    0x004023b1
                    0x00402451
                    0x00402459

                    APIs
                    • __EH_prolog.LIBCMT ref: 00402320
                      • Part of subcall function 0040229F: __EH_prolog.LIBCMT ref: 004022A4
                    • MessageBoxW.USER32(?,00000000,Error,00000000), ref: 00402420
                    • EndDialog.USER32(?,00000000), ref: 0040242A
                    • PostQuitMessage.USER32(00000000), ref: 00402431
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prologMessage$DialogPostQuit
                    • String ID: Check/create unzip dir: [%s]$Debug$Error$Failed to ensure dir exists: $failed to ensure dir exists: [%s]$temp unzipDir = [%s]
                    • API String ID: 1030156222-1159988403
                    • Opcode ID: 58a4085c683e72110efee130a8ed70fece26aa4513674bed552646502ba9eaa7
                    • Instruction ID: 70b7f14645020efea775f3b98710022b008d01ab728dcc229146336dd72ea375
                    • Opcode Fuzzy Hash: 58a4085c683e72110efee130a8ed70fece26aa4513674bed552646502ba9eaa7
                    • Instruction Fuzzy Hash: D221A071900224AADB10BF71EE52FAE3329EB00348F04417FB909721E2DB7C1E498A5E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0042EE62 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 170COMMON
                    Download Yara Rule
                    C-Code - Quality: 69%
                    			E0042EE62(int _a4, int _a8, signed char _a9, short* _a12, int _a16, short* _a20, int _a24, int _a28) {
				signed int _v8;
				intOrPtr _v20;
				char* _v28;
				char* _v32;
				int _v36;
				char* _v40;
				int _v48;
				void* _v60;
				int _t55;
				int _t56;
				int _t57;
				int _t69;
				int _t71;
				int _t72;
				char* _t77;
				int _t78;
				void* _t79;
				int _t84;
				intOrPtr _t89;
				char* _t90;
				int _t93;

				_push(0xffffffff);
				_push(0x455708);
				_push(E0042D474);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t89;
				_t90 = _t89 - 0x1c;
				_v28 = _t90;
				_t93 =  *0x473b74; // 0x0
				if(_t93 != 0) {
					L5:
					if(_a16 > 0) {
						_t72 = E0042F06B(_a12, _a16);
						_pop(_t79);
						_a16 = _t72;
					}
					_t55 =  *0x473b74; // 0x0
					if(_t55 != 1) {
						if(_t55 != 2) {
							goto L30;
						} else {
							if(_a28 == 0) {
								_t71 =  *0x473aac; // 0x0
								_a28 = _t71;
							}
							_t57 = WideCharToMultiByte(_a28, 0x220, _a12, _a16, 0, 0, 0, 0);
							_v36 = _t57;
							if(_t57 == 0) {
								goto L30;
							} else {
								_v8 = 0;
								E00429440(_t57 + 0x00000003 & 0x000000fc, _t79);
								_v28 = _t90;
								_v32 = _t90;
								_v8 = _v8 | 0xffffffff;
								if(_v32 == 0 || WideCharToMultiByte(_a28, 0x220, _a12, _a16, _v32, _v36, 0, 0) == 0) {
									goto L30;
								} else {
									_t84 = LCMapStringA(_a4, _a8, _v32, _v36, 0, 0);
									_v48 = _t84;
									if(_t84 == 0) {
										goto L30;
									} else {
										_v8 = 1;
										E00429440(_t63 + 0x00000003 & 0x000000fc, _t79);
										_v28 = _t90;
										_t77 = _t90;
										_v40 = _t77;
										_v8 = _v8 | 0xffffffff;
										if(_t77 == 0 || LCMapStringA(_a4, _a8, _v32, _v36, _t77, _t84) == 0) {
											goto L30;
										} else {
											if((_a9 & 0x00000004) == 0) {
												if(_a24 != 0) {
													_push(_a24);
													_push(_a20);
												} else {
													_push(0);
													_push(0);
												}
												_t84 = MultiByteToWideChar(_a28, 1, _t77, _t84, ??, ??);
												if(_t84 == 0) {
													goto L30;
												} else {
													goto L29;
												}
											} else {
												_t69 = _a24;
												if(_t69 != 0) {
													if(_t69 >= _t84) {
														_t69 = _t84;
													}
													L004297C0(_a20, _t77, _t69);
												}
												L29:
												_t56 = _t84;
											}
										}
									}
								}
							}
						}
					} else {
						_t56 = LCMapStringW(_a4, _a8, _a12, _a16, _a20, _a24);
					}
				} else {
					_push(0);
					_push(0);
					_t78 = 1;
					if(LCMapStringW(0, 0x100, 0x455634, _t78, ??, ??) == 0) {
						if(LCMapStringA(0, 0x100, 0x455630, _t78, 0, 0) == 0) {
							L30:
							_t56 = 0;
						} else {
							 *0x473b74 = 2;
							goto L5;
						}
					} else {
						 *0x473b74 = _t78;
						goto L5;
					}
				}
				 *[fs:0x0] = _v20;
				return _t56;
			}
























                    0x0042ee65
                    0x0042ee67
                    0x0042ee6c
                    0x0042ee77
                    0x0042ee78
                    0x0042ee7f
                    0x0042ee85
                    0x0042ee8a
                    0x0042ee90
                    0x0042eed8
                    0x0042eedb
                    0x0042eee3
                    0x0042eee9
                    0x0042eeea
                    0x0042eeea
                    0x0042eeed
                    0x0042eef5
                    0x0042ef17
                    0x00000000
                    0x0042ef1d
                    0x0042ef20
                    0x0042ef22
                    0x0042ef27
                    0x0042ef27
                    0x0042ef3c
                    0x0042ef42
                    0x0042ef47
                    0x00000000
                    0x0042ef4d
                    0x0042ef4d
                    0x0042ef55
                    0x0042ef5a
                    0x0042ef5f
                    0x0042ef70
                    0x0042ef77
                    0x00000000
                    0x0042efa1
                    0x0042efb5
                    0x0042efb7
                    0x0042efbc
                    0x00000000
                    0x0042efc2
                    0x0042efc2
                    0x0042efce
                    0x0042efd3
                    0x0042efd6
                    0x0042efd8
                    0x0042efdb
                    0x0042eff5
                    0x00000000
                    0x0042f00f
                    0x0042f013
                    0x0042f034
                    0x0042f03a
                    0x0042f03d
                    0x0042f036
                    0x0042f036
                    0x0042f037
                    0x0042f037
                    0x0042f04d
                    0x0042f051
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042f015
                    0x0042f015
                    0x0042f01a
                    0x0042f01e
                    0x0042f020
                    0x0042f020
                    0x0042f027
                    0x0042f02c
                    0x0042f053
                    0x0042f053
                    0x0042f053
                    0x0042f013
                    0x0042eff5
                    0x0042efbc
                    0x0042ef77
                    0x0042ef47
                    0x0042eef7
                    0x0042ef09
                    0x0042ef09
                    0x0042ee92
                    0x0042ee92
                    0x0042ee93
                    0x0042ee96
                    0x0042eeac
                    0x0042eec8
                    0x0042f057
                    0x0042f057
                    0x0042eece
                    0x0042eece
                    0x00000000
                    0x0042eece
                    0x0042eeae
                    0x0042eeae
                    0x00000000
                    0x0042eeae
                    0x0042eeac
                    0x0042f05f
                    0x0042f06a

                    APIs
                    • LCMapStringW.KERNEL32(00000000,00000100,00455634,00000001,00000000,00000000,?,?,?), ref: 0042EEA4
                    • LCMapStringA.KERNEL32(00000000,00000100,00455630,00000001,00000000,00000000), ref: 0042EEC0
                    • LCMapStringW.KERNEL32(?,?,?,?,FFFFFFFF,?,?,?,?), ref: 0042EF09
                    • WideCharToMultiByte.KERNEL32(?,00000220,?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 0042EF3C
                    • WideCharToMultiByte.KERNEL32(00000000,00000220,?,?,?,00000000,00000000,00000000), ref: 0042EF93
                    • LCMapStringA.KERNEL32(?,?,?,00000000,00000000,00000000), ref: 0042EFAF
                    • LCMapStringA.KERNEL32(?,?,?,00000000,?,00000000), ref: 0042F005
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: String$ByteCharMultiWide
                    • String ID: pYqt
                    • API String ID: 352835431-1213896493
                    • Opcode ID: 2774aaa9096b915b2cba160596d58bca33a2ddf4583696d712bfbc6196308c32
                    • Instruction ID: 1f191bb6cac0f6d8c30691eac0d5a0531173f5deb199395a1a1591bfc99e94c2
                    • Opcode Fuzzy Hash: 2774aaa9096b915b2cba160596d58bca33a2ddf4583696d712bfbc6196308c32
                    • Instruction Fuzzy Hash: F451AE31A0126DBBCF228F91EC05AEF7F75FB09B95F904036F504A12A1C3399855DBA9
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004020E2 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 116windowCOMMON
                    Download Yara Rule
                    C-Code - Quality: 95%
                    			E004020E2(void* __eflags) {
				long _t41;
				void* _t56;
				WCHAR* _t62;
				void* _t67;
				void* _t73;
				void* _t102;
				void* _t109;

				E004291C0(E0044D472, _t109);
				E0040D180(_t109 - 0x30, __eflags);
				 *(_t109 - 4) =  *(_t109 - 4) & 0x00000000;
				while(1) {
					_t41 = E0040CE50(0x472378);
					if(_t41 == 0) {
						DialogBoxParamW( *0x472494, 0x82,  *(_t109 + 8), 0x403cdf, _t41);
					}
					if( *0x4726e4 != 0) {
						break;
					}
					if(E0040CE50(0x472378) == 0) {
						continue;
					} else {
						E00408170(0x472548, E00446F00(0x472378));
						E0040EC60(_t109 - 0x10);
						 *(_t109 - 4) = 1;
						_t73 = E00407220(0x472548, _t109 - 0x10, _t109 - 0x30);
						_t119 = _t73;
						if(_t73 != 0) {
							_t31 = _t109 - 4;
							 *_t31 =  *(_t109 - 4) & 0x00000000;
							__eflags =  *_t31;
							E0040ECA0(_t50, _t109 - 0x10);
						} else {
							E00408BB0(_t109 - 0x140, _t119);
							 *(_t109 - 4) = 2;
							E00408D40(_t109 - 0x140, _t119);
							_push(_t109 - 0x140);
							E00404871(0x472498, "ErrPwdTitle");
							_t56 = E00408CF0(_t109 - 0x140, _t102);
							_t120 = _t56;
							if(_t56 == 0) {
								L00409680(_t109 - 0x140, "Error");
							}
							E00408BB0(_t109 - 0xb8, _t120);
							 *(_t109 - 4) = 3;
							E00408D40(_t109 - 0xb8, _t120);
							_push(_t109 - 0xb8);
							E00404871(0x472498, "ErrPwdCaption");
							if(E00408CF0(_t109 - 0xb8, _t102) == 0) {
								L00409680(_t109 - 0xb8, "Incorrect password.");
							}
							_t62 = E00409030(_t109 - 0x140, _t109);
							MessageBoxW( *(_t109 + 8), E00409030(_t109 - 0xb8, _t109), _t62, 0);
							L00405680(0x472378);
							 *(_t109 - 4) = 2;
							E00408C80(_t109 - 0xb8);
							 *(_t109 - 4) = 1;
							_t67 = E00408C80(_t109 - 0x140);
							 *(_t109 - 4) =  *(_t109 - 4) & 0x00000000;
							E0040ECA0(_t67, _t109 - 0x10);
							continue;
						}
					}
					L13:
					_t34 = _t109 - 4;
					 *_t34 =  *(_t109 - 4) | 0xffffffff;
					__eflags =  *_t34;
					L0040D850(_t109 - 0x30);
					 *[fs:0x0] =  *((intOrPtr*)(_t109 - 0xc));
					return _t73;
				}
				_t73 = 0;
				goto L13;
			}










                    0x004020e7
                    0x004020f8
                    0x004020fd
                    0x0040210b
                    0x0040210d
                    0x00402114
                    0x0040212a
                    0x0040212a
                    0x00402137
                    0x00000000
                    0x00000000
                    0x00402146
                    0x00000000
                    0x00402148
                    0x00402152
                    0x0040215a
                    0x00402169
                    0x00402172
                    0x00402174
                    0x00402176
                    0x00402276
                    0x00402276
                    0x00402276
                    0x0040227d
                    0x0040217c
                    0x00402182
                    0x0040218d
                    0x00402191
                    0x004021a1
                    0x004021a9
                    0x004021b4
                    0x004021b9
                    0x004021bb
                    0x004021c8
                    0x004021c8
                    0x004021d3
                    0x004021de
                    0x004021e2
                    0x004021ef
                    0x004021f5
                    0x00402207
                    0x00402214
                    0x00402214
                    0x00402221
                    0x00402236
                    0x0040223e
                    0x00402249
                    0x0040224d
                    0x00402258
                    0x0040225c
                    0x00402261
                    0x00402268
                    0x00000000
                    0x00402268
                    0x00402176
                    0x00402282
                    0x00402282
                    0x00402282
                    0x00402282
                    0x00402289
                    0x00402296
                    0x0040229e
                    0x0040229e
                    0x00402272
                    0x00000000

                    APIs
                    • __EH_prolog.LIBCMT ref: 004020E7
                    • DialogBoxParamW.USER32 ref: 0040212A
                    • MessageBoxW.USER32(?,00000000,00000000,00000000), ref: 00402236
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: DialogH_prologMessageParam
                    • String ID: ErrPwdCaption$ErrPwdTitle$Error$H%G$Incorrect password.$x#G
                    • API String ID: 781316508-2600079208
                    • Opcode ID: 079e8d8f2571ee2fd61fbae94df84325c75bbf12fcc49be34ba0c1dbc3d47ba3
                    • Instruction ID: 6fab42334574617b3abae7758f19da56a3256c601e302e4d759c29f87ee218a2
                    • Opcode Fuzzy Hash: 079e8d8f2571ee2fd61fbae94df84325c75bbf12fcc49be34ba0c1dbc3d47ba3
                    • Instruction Fuzzy Hash: 4E4161309102149ADB15E762CD56BED7739AF24308F4040BEE949721E2DF7C5F49CA69
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0043255D Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 117COMMON
                    Download Yara Rule
                    C-Code - Quality: 78%
                    			E0043255D(int _a4, char* _a8, int _a12, short* _a16, int _a20, int _a24, signed int _a28) {
				int _v8;
				intOrPtr _v20;
				short* _v28;
				short _v32;
				int _v36;
				short* _v40;
				void* _v56;
				int _t31;
				int _t32;
				int _t37;
				int _t43;
				int _t44;
				int _t45;
				void* _t53;
				short* _t60;
				int _t61;
				intOrPtr _t62;
				short* _t63;

				_push(0xffffffff);
				_push(0x455778);
				_push(E0042D474);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t62;
				_t63 = _t62 - 0x18;
				_v28 = _t63;
				_t31 =  *0x473bd8; // 0x1
				if(_t31 != 0) {
					L6:
					if(_t31 != 2) {
						if(_t31 != 1) {
							goto L18;
						} else {
							if(_a20 == 0) {
								_t44 =  *0x473aac; // 0x0
								_a20 = _t44;
							}
							asm("sbb eax, eax");
							_t14 =  &_a20; // 0x432254
							_t37 = MultiByteToWideChar( *_t14, ( ~_a28 & 0x00000008) + 1, _a8, _a12, 0, 0);
							_v36 = _t37;
							if(_t37 == 0) {
								goto L18;
							} else {
								_v8 = 0;
								E00429440(_t37 + _t37 + 0x00000003 & 0x000000fc, _t53);
								_v28 = _t63;
								_t60 = _t63;
								_v40 = _t60;
								E00428C60(_t60, 0, _t37 + _t37);
								_v8 = _v8 | 0xffffffff;
								if(_t60 == 0) {
									goto L18;
								} else {
									_t43 = MultiByteToWideChar(_a20, 1, _a8, _a12, _t60, _v36);
									if(_t43 == 0) {
										goto L18;
									} else {
										_t32 = GetStringTypeW(_a4, _t60, _t43, _a16);
									}
								}
							}
						}
					} else {
						_t45 = _a24;
						if(_t45 == 0) {
							_t45 =  *0x473a9c; // 0x0
						}
						_t32 = GetStringTypeA(_t45, _a4, _a8, _a12, _a16);
					}
				} else {
					_push( &_v32);
					_t61 = 1;
					if(GetStringTypeW(_t61, 0x455634, _t61, ??) == 0) {
						if(GetStringTypeA(0, _t61, 0x455630, _t61,  &_v32) == 0) {
							L18:
							_t32 = 0;
						} else {
							_t31 = 2;
							goto L5;
						}
					} else {
						_t31 = _t61;
						L5:
						 *0x473bd8 = _t31;
						goto L6;
					}
				}
				 *[fs:0x0] = _v20;
				return _t32;
			}





















                    0x00432560
                    0x00432562
                    0x00432567
                    0x00432572
                    0x00432573
                    0x0043257a
                    0x00432580
                    0x00432583
                    0x0043258c
                    0x004325cc
                    0x004325cf
                    0x004325f8
                    0x00000000
                    0x004325fe
                    0x00432601
                    0x00432603
                    0x00432608
                    0x00432608
                    0x00432618
                    0x0043261f
                    0x00432622
                    0x00432628
                    0x0043262d
                    0x00000000
                    0x0043262f
                    0x0043262f
                    0x0043263c
                    0x00432641
                    0x00432644
                    0x00432646
                    0x0043264c
                    0x00432661
                    0x00432667
                    0x00000000
                    0x00432669
                    0x00432678
                    0x00432680
                    0x00000000
                    0x00432682
                    0x0043268a
                    0x0043268a
                    0x00432680
                    0x00432667
                    0x0043262d
                    0x004325d1
                    0x004325d1
                    0x004325d6
                    0x004325d8
                    0x004325d8
                    0x004325ea
                    0x004325ea
                    0x0043258e
                    0x00432591
                    0x00432594
                    0x004325a4
                    0x004325be
                    0x00432692
                    0x00432692
                    0x004325c4
                    0x004325c6
                    0x00000000
                    0x004325c6
                    0x004325a6
                    0x004325a6
                    0x004325c7
                    0x004325c7
                    0x00000000
                    0x004325c7
                    0x004325a4
                    0x0043269a
                    0x004326a5

                    APIs
                    • GetStringTypeW.KERNEL32(00000001,00455634,00000001,00000000,00000103,00000001,00000000,00432254,00200020,00000000,?,00000000,00000000,00000001), ref: 0043259C
                    • GetStringTypeA.KERNEL32(00000000,00000001,00455630,00000001,?,?,00000000,00000000,00000001), ref: 004325B6
                    • GetStringTypeA.KERNEL32(00000000,00000000,?,00000000,00200020,00000103,00000001,00000000,00432254,00200020,00000000,?,00000000,00000000,00000001), ref: 004325EA
                    • MultiByteToWideChar.KERNEL32(T"C ,00000002,?,00000000,00000000,00000000,00000103,00000001,00000000,00432254,00200020,00000000,?,00000000,00000000,00000001), ref: 00432622
                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000001), ref: 00432678
                    • GetStringTypeW.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000001), ref: 0043268A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: StringType$ByteCharMultiWide
                    • String ID: T"C $pYqt
                    • API String ID: 3852931651-1576323800
                    • Opcode ID: d17c30bff0c260b260f4dff8fcda5bcfa11d55b4f2c74392ab98cb4cda54ff84
                    • Instruction ID: 0c664c5886710ab60477ff440ef4e0d15832f7e51a9bcabdaf1d1618a6ac2534
                    • Opcode Fuzzy Hash: d17c30bff0c260b260f4dff8fcda5bcfa11d55b4f2c74392ab98cb4cda54ff84
                    • Instruction Fuzzy Hash: 2A418E72A00269BFCF108F94DD86EEF3B68EF18751F104426F916D22A0C778D951DB98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0043C2E5 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 106COMMON
                    Download Yara Rule
                    C-Code - Quality: 96%
                    			E0043C2E5(intOrPtr __ecx) {
				intOrPtr _t48;
				intOrPtr _t74;
				void* _t75;
				void* _t81;
				intOrPtr* _t95;
				void* _t97;
				void* _t99;

				E004291C0(E00450638, _t97);
				 *(_t97 - 0x11) =  *(_t97 - 0x11) & 0x00000000;
				 *((intOrPtr*)(_t97 - 0x10)) = _t99 - 0x1c;
				 *((intOrPtr*)(_t97 - 0x28)) = __ecx;
				 *((intOrPtr*)(_t97 - 0x1c)) = 0;
				 *((intOrPtr*)(_t97 - 0x18)) = 0;
				 *(_t97 - 4) = 0;
				_t74 = E0042929A(0x3d18a0);
				 *((intOrPtr*)(_t97 - 0x24)) = _t74;
				_t48 = E0042929A(0x29040);
				_t95 =  *((intOrPtr*)(_t97 + 0x14));
				_t75 = _t74 + 0x3d189f;
				 *((intOrPtr*)(_t97 - 0x20)) = _t48;
				if( *((char*)(_t97 + 0x18)) != 0) {
					 *((intOrPtr*)( *_t95 + 0x20))("inflator", 1);
				}
				_t80 =  *((intOrPtr*)(_t97 - 0x28));
				 *((char*)(_t97 + 0x13)) = L0043DC50( *((intOrPtr*)(_t97 - 0x28)),  *((intOrPtr*)(_t97 + 8)),  *((intOrPtr*)(_t97 - 0x24)),  *((intOrPtr*)(_t97 - 0x20)), _t75, 0x29040, _t97 - 0x18, _t97 - 0x1c,  *((intOrPtr*)(_t97 + 0x10)), _t95,  *((intOrPtr*)(_t97 + 0x18)));
				if( *((char*)(_t97 + 0x18)) != 0) {
					 *((intOrPtr*)( *_t95 + 0x2c))("returnedFromLoc",  *((intOrPtr*)(_t97 - 0x18)));
					 *((intOrPtr*)( *_t95 + 0x2c))("progressMarker",  *((intOrPtr*)(_t97 - 0x1c)));
					_t80 = _t95;
					 *((intOrPtr*)( *_t95 + 0x24))();
				}
				if( *((char*)(_t97 + 0x13)) == 0) {
					 *((intOrPtr*)( *_t95 + 0x10))("Inflate from data source failed.");
					_t80 = _t95;
					 *((intOrPtr*)( *_t95 + 0x2c))("InflateErrorCode",  *((intOrPtr*)(_t97 - 0x18)));
				}
				E00428DDF(_t80,  *((intOrPtr*)(_t97 - 0x20)));
				_pop(_t81);
				E00428DDF(_t81,  *((intOrPtr*)(_t97 - 0x24)));
				 *(_t97 - 4) =  *(_t97 - 4) | 0xffffffff;
				if( *((intOrPtr*)(_t97 - 0x18)) == 0x108e4) {
					 *((intOrPtr*)( *_t95 + 0x10))("Inflate aborted by application event callback.");
				}
				if( *(_t97 - 0x11) != 0) {
					 *((intOrPtr*)( *_t95 + 0x10))("Internal error occurred when inflating from data source.");
					 *((intOrPtr*)( *_t95 + 0x2c))("progressMarker",  *((intOrPtr*)(_t97 - 0x1c)));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t97 - 0xc));
				return  *((intOrPtr*)(_t97 + 0x13));
			}










                    0x0043c2ea
                    0x0043c2f2
                    0x0043c2f9
                    0x0043c2fe
                    0x0043c306
                    0x0043c309
                    0x0043c30c
                    0x0043c31a
                    0x0043c31d
                    0x0043c320
                    0x0043c325
                    0x0043c328
                    0x0043c333
                    0x0043c336
                    0x0043c343
                    0x0043c343
                    0x0043c34c
                    0x0043c36c
                    0x0043c36f
                    0x0043c37d
                    0x0043c38c
                    0x0043c391
                    0x0043c393
                    0x0043c393
                    0x0043c39a
                    0x0043c3a5
                    0x0043c3ad
                    0x0043c3b4
                    0x0043c3b4
                    0x0043c3ba
                    0x0043c3bf
                    0x0043c3c3
                    0x0043c3dc
                    0x0043c3e7
                    0x0043c3f2
                    0x0043c3f2
                    0x0043c3f9
                    0x0043c404
                    0x0043c413
                    0x0043c413
                    0x0043c41e
                    0x0043c427

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID: Inflate aborted by application event callback.$Inflate from data source failed.$InflateErrorCode$Internal error occurred when inflating from data source.$inflator$progressMarker$returnedFromLoc
                    • API String ID: 3519838083-1805662376
                    • Opcode ID: 70e5f479810f27b786224087615748d3a2c20326cbed3060076e003c9c6aee97
                    • Instruction ID: 99a3d81f430a6b16f5535c6b610e61b34b4311e255d7900e542633f2b4eed099
                    • Opcode Fuzzy Hash: 70e5f479810f27b786224087615748d3a2c20326cbed3060076e003c9c6aee97
                    • Instruction Fuzzy Hash: A1417DB1A00259EFDF11DFA8C845AEEBFB1EF4C710F20444AF945A7291CB798940CB98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00434657 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 179COMMON
                    Download Yara Rule
                    C-Code - Quality: 85%
                    			E00434657(void* __ecx, intOrPtr __edx) {
				void* __edi;
				signed int _t82;
				signed int _t83;
				intOrPtr _t91;
				intOrPtr _t97;
				intOrPtr* _t98;
				intOrPtr* _t130;
				intOrPtr* _t131;
				intOrPtr _t148;
				intOrPtr _t166;
				intOrPtr* _t170;
				intOrPtr* _t171;
				intOrPtr* _t173;
				intOrPtr* _t174;
				void* _t176;
				void* _t178;

				_t166 = __edx;
				E004291C0(E00450043, _t178);
				_t176 = __ecx;
				if( *((intOrPtr*)(__ecx + 0xb4)) != 0) {
					E00439434(_t178 - 0x64, __eflags, 0);
					 *(_t178 - 4) = 0;
					E00443090(_t178 - 0x64, 0, __ecx);
					_t82 =  *(_t176 + 0x10c);
					__eflags = _t82;
					if(_t82 != 0) {
						E0043942A(_t178 - 0x64, _t82);
					}
					__eflags =  *((char*)(_t176 + 0x41));
					if( *((char*)(_t176 + 0x41)) == 0) {
						_t83 = L00433A67(_t176);
						__eflags = _t83;
						if(_t83 == 0) {
							L17:
							__eflags =  *((char*)(_t176 + 0x40));
							_t170 =  *((intOrPtr*)(_t178 + 0xc));
							if( *((char*)(_t176 + 0x40)) != 0) {
								 *((intOrPtr*)( *_t170 + 0x14))("streamToDest from memory...");
							}
							_push(_t170);
							_t128 = _t176 + 0xc0;
							_push( *((intOrPtr*)(_t178 + 8)));
							_push( *(_t176 + 0xb4));
							_push(E0040CE40(_t176 + 0xc0));
							_push(E00446F00(_t176 + 0xc0));
							 *((char*)(_t178 + 0xf)) = E0043A57A(_t178 - 0x64, _t166, _t170);
							_t171 = _t176 + 0x100;
							 *_t171 = E0040CE40(_t128);
							_t68 = _t171 + 4;
							 *_t68 =  *(_t171 + 4) & 0x00000000;
							__eflags =  *_t68;
							 *((intOrPtr*)(_t176 + 0xf8)) =  *_t171;
							 *(_t176 + 0xfc) =  *(_t171 + 4);
							goto L20;
						}
						__eflags =  *(_t176 + 0xb4);
						if( *(_t176 + 0xb4) == 0) {
							goto L17;
						}
						__eflags =  *((char*)(_t176 + 0x40));
						_t130 =  *((intOrPtr*)(_t178 + 0xc));
						if( *((char*)(_t176 + 0x40)) != 0) {
							 *((intOrPtr*)( *_t130 + 0x14))("streamToDest from data source...");
						}
						_push(_t130);
						_push( *(_t176 + 0x10c));
						 *((char*)(_t178 + 0xf)) = E00424B40(L00433A56(_t176),  *(_t176 + 0xb4));
						_t173 = _t176 + 0x100;
						_t97 = E00424DE0(L00433A56(_t176));
						__eflags =  *((char*)(_t176 + 0x40));
						 *_t173 = _t97;
						 *((intOrPtr*)(_t173 + 4)) = _t166;
						_t98 = _t176 + 0xf8;
						 *_t98 =  *_t173;
						_t148 = _t166;
						 *((intOrPtr*)(_t98 + 4)) = _t148;
						if( *((char*)(_t176 + 0x40)) != 0) {
							 *((intOrPtr*)( *_t130 + 0x30))("dsByteCount",  *_t98, _t148);
						}
						goto L20;
					} else {
						__eflags =  *((char*)(_t176 + 0x40));
						_t131 =  *((intOrPtr*)(_t178 + 0xc));
						if(__eflags != 0) {
							 *((intOrPtr*)( *_t131 + 0x14))("streamToDest from file...");
						}
						E00408BB0(_t178 - 0xec, __eflags);
						 *(_t178 - 4) = 1;
						E00408E00(_t178 - 0xec, E00446F00(_t176 + 0x80));
						L0041F650(_t178 - 0x18);
						 *(_t178 - 4) = 2;
						__eflags = E0040C900(_t178 - 0x18, _t178 - 0xec, _t178 - 0x1c, _t131);
						if(__eflags != 0) {
							_t174 = _t176 + 0x100;
							_push(_t131);
							_push(_t174);
							_push( *((intOrPtr*)(_t178 + 8)));
							_push( *(_t176 + 0xb4));
							_push(_t178 - 0x18);
							 *((char*)(_t178 + 0xf)) = E0043A3F3(_t178 - 0x64, _t166, _t174, __eflags);
							 *((intOrPtr*)(_t176 + 0xf8)) =  *_t174;
							 *(_t176 + 0xfc) =  *(_t174 + 4);
							E0041F6C0(_t178 - 0x18);
							 *(_t178 - 4) = 1;
							L0041F700(_t178 - 0x18);
							 *(_t178 - 4) =  *(_t178 - 4) & 0x00000000;
							E00408C80(_t178 - 0xec);
							L20:
							_t73 = _t178 - 4;
							 *_t73 =  *(_t178 - 4) | 0xffffffff;
							__eflags =  *_t73;
							E00439468(_t178 - 0x64);
							_t91 =  *((intOrPtr*)(_t178 + 0xf));
							goto L21;
						} else {
							 *((intOrPtr*)( *_t131 + 0x10))("Failed to open file for reading (4)");
							 *(_t178 - 4) = 1;
							L0041F700(_t178 - 0x18);
							 *(_t178 - 4) =  *(_t178 - 4) & 0x00000000;
							E00408C80(_t178 - 0xec);
							_t28 = _t178 - 4;
							 *_t28 =  *(_t178 - 4) | 0xffffffff;
							__eflags =  *_t28;
							E00439468(_t178 - 0x64);
							L9:
							_t91 = 0;
							L21:
							 *[fs:0x0] =  *((intOrPtr*)(_t178 - 0xc));
							return _t91;
						}
					}
				}
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t178 + 0xc)))) + 0x10))("No dest output.");
				goto L9;
			}



















                    0x00434657
                    0x0043465c
                    0x0043466a
                    0x00434674
                    0x0043468c
                    0x00434695
                    0x00434698
                    0x0043469d
                    0x004346a3
                    0x004346a5
                    0x004346ab
                    0x004346ab
                    0x004346b0
                    0x004346b4
                    0x004347b2
                    0x004347b7
                    0x004347b9
                    0x00434835
                    0x00434835
                    0x00434839
                    0x0043483c
                    0x00434847
                    0x00434847
                    0x0043484a
                    0x0043484b
                    0x00434851
                    0x00434856
                    0x00434861
                    0x00434869
                    0x00434874
                    0x00434877
                    0x00434882
                    0x00434884
                    0x00434884
                    0x00434884
                    0x0043488a
                    0x00434893
                    0x00000000
                    0x00434893
                    0x004347bb
                    0x004347c1
                    0x00000000
                    0x00000000
                    0x004347c3
                    0x004347c7
                    0x004347ca
                    0x004347d5
                    0x004347d5
                    0x004347d8
                    0x004347db
                    0x004347f5
                    0x004347f8
                    0x00434805
                    0x0043480a
                    0x0043480e
                    0x00434810
                    0x00434815
                    0x0043481b
                    0x0043481d
                    0x0043481f
                    0x00434822
                    0x00434830
                    0x00434830
                    0x00000000
                    0x004346ba
                    0x004346ba
                    0x004346be
                    0x004346c1
                    0x004346cc
                    0x004346cc
                    0x004346d5
                    0x004346e0
                    0x004346f0
                    0x004346f8
                    0x0043470d
                    0x00434719
                    0x0043471b
                    0x00434757
                    0x0043475d
                    0x0043475e
                    0x00434762
                    0x00434768
                    0x0043476e
                    0x00434774
                    0x00434779
                    0x00434785
                    0x0043478b
                    0x00434793
                    0x00434797
                    0x0043479c
                    0x004347a6
                    0x00434899
                    0x00434899
                    0x00434899
                    0x00434899
                    0x004348a0
                    0x004348a5
                    0x00000000
                    0x0043471d
                    0x00434726
                    0x0043472c
                    0x00434730
                    0x00434735
                    0x0043473f
                    0x00434744
                    0x00434744
                    0x00434744
                    0x0043474b
                    0x00434750
                    0x00434750
                    0x004348a8
                    0x004348ae
                    0x004348b6
                    0x004348b6
                    0x0043471b
                    0x004346b4
                    0x00434680
                    0x00000000

                    APIs
                    • __EH_prolog.LIBCMT ref: 0043465C
                      • Part of subcall function 0043A3F3: __EH_prolog.LIBCMT ref: 0043A3F8
                      • Part of subcall function 0041F6C0: FindCloseChangeNotification.KERNELBASE(?,?,0041F698,00000000,0040C92C,00000000,?,?,00000000), ref: 0041F6CC
                    Strings
                    • streamToDest from data source..., xrefs: 004347CE
                    • streamToDest from memory..., xrefs: 00434840
                    • dsByteCount, xrefs: 0043482B
                    • Failed to open file for reading (4), xrefs: 0043471F
                    • streamToDest from file..., xrefs: 004346C5
                    • No dest output., xrefs: 00434679
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog$ChangeCloseFindNotification
                    • String ID: Failed to open file for reading (4)$No dest output.$dsByteCount$streamToDest from data source...$streamToDest from file...$streamToDest from memory...
                    • API String ID: 2028148922-904192404
                    • Opcode ID: 6d402bd65a1aabca4db00fe947ab98d547832cae626a993ea095c0911b2635b1
                    • Instruction ID: 2bd625e7e202ed8cc8dee19c219dc073dbb6f4f791c3ae047b5931b4ee3bb524
                    • Opcode Fuzzy Hash: 6d402bd65a1aabca4db00fe947ab98d547832cae626a993ea095c0911b2635b1
                    • Instruction Fuzzy Hash: 6B710570500745EFDB14EF61C491BEEBBB4AF49304F10456EE09A9B292DB38AE09CB65
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0041EFA0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 148fileCOMMON
                    Download Yara Rule
                    C-Code - Quality: 77%
                    			E0041EFA0(void* __eflags, intOrPtr _a8, long _a12, long _a16, struct _SECURITY_ATTRIBUTES* _a20, long _a24, long _a28, void* _a32, long* _a36, intOrPtr* _a40) {
				char _v4;
				char _v8;
				intOrPtr _v12;
				char _v16;
				char _v28;
				char _v152;
				char _v156;
				char _v172;
				char _v284;
				char _v288;
				char _v296;
				char _v324;
				intOrPtr* _v328;
				char _v340;
				char _v348;
				void* __ebp;
				char _t55;
				long _t61;
				long _t62;
				void* _t82;
				intOrPtr* _t115;
				intOrPtr* _t117;
				intOrPtr* _t119;
				intOrPtr _t120;
				void* _t122;
				WCHAR* _t123;
				intOrPtr _t127;
				void* _t129;

				_t131 = __eflags;
				_push(0xffffffff);
				_push(0x44f7cf);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t127;
				_push(_t122);
				_t115 = 0;
				 *_a36 = 0;
				E00408BB0( &_v284, __eflags);
				_v4 = 0;
				L004096B0( &_v284, _t122, _a8);
				L00409D00( &_v288, _t122, _t131, 0x2f, 0x5c);
				_t123 = E00409030( &_v296, _t122);
				_t55 = E0042929A(0xc);
				_t129 = _t127 - 0x13c + 4;
				_v340 = _t55;
				_v16 = 1;
				if(_t55 == 0) {
					_t119 = 0;
					__eflags = 0;
				} else {
					_t119 = L0041F650(_t55);
				}
				_t82 = _a32;
				_v4 = 0;
				_v328 = _t119;
				 *((intOrPtr*)(_t119 + 4)) = CreateFileW(_t123, _a12, _a16, _a20, _a24, _a28, _t82);
				while( *((intOrPtr*)(_t119 + 4)) == 0xffffffff) {
					_t61 = GetLastError();
					 *_a36 = _t61;
					if(_t61 != 0x20) {
						L7:
						if( *((intOrPtr*)(_t119 + 4)) != 0xffffffff) {
							break;
						} else {
							_t62 = GetLastError();
							_t117 = _a40;
							_t137 = _t117;
							 *_a36 = _t62;
							if(_t117 != 0) {
								E00406110( &_v324, _t137);
								_v4 = 2;
								E00406D00( &_v324);
								_t111 =  *_t117;
								 *((intOrPtr*)( *_t117 + 0x10))("Failed to open file (3)");
								E00408BB0( &_v152, _t137);
								_v8 = 3;
								E00408FB0( &_v152);
								_a40("utf8Filename", L004097D0( &_v156, _t111), _t123);
								_a40("osErrorInfo", E00446F00( &_v340));
								_v28 = 2;
								E00408C80( &_v172);
								_v28 = 0;
								E00406400( &_v348);
							}
							if(_t119 != 0) {
								 *((intOrPtr*)( *_t119))(1);
							}
							_t120 = 0;
						}
					} else {
						_t115 = _t115 + 1;
						E0041E730(0x32);
						_t129 = _t129 + 4;
						 *((intOrPtr*)(_t119 + 4)) = CreateFileW(_t123, _a12, _a16, _a20, _a24, _a28, _t82);
						if(_t115 < 3) {
							continue;
						} else {
							goto L7;
						}
					}
					L14:
					_v4 = 0xffffffff;
					E00408C80( &_v284);
					 *[fs:0x0] = _v12;
					return _t120;
				}
				_t120 = _v328;
				goto L14;
			}































                    0x0041efa0
                    0x0041efa0
                    0x0041efa2
                    0x0041efad
                    0x0041efae
                    0x0041efc3
                    0x0041efc6
                    0x0041efcc
                    0x0041efce
                    0x0041efda
                    0x0041efe6
                    0x0041eff3
                    0x0041f003
                    0x0041f005
                    0x0041f00a
                    0x0041f00d
                    0x0041f013
                    0x0041f01b
                    0x0041f028
                    0x0041f028
                    0x0041f01d
                    0x0041f024
                    0x0041f024
                    0x0041f02a
                    0x0041f05b
                    0x0041f063
                    0x0041f06d
                    0x0041f070
                    0x0041f07a
                    0x0041f08a
                    0x0041f08c
                    0x0041f0d1
                    0x0041f0d5
                    0x00000000
                    0x0041f0db
                    0x0041f0db
                    0x0041f0e8
                    0x0041f0ef
                    0x0041f0f1
                    0x0041f0f3
                    0x0041f0fd
                    0x0041f108
                    0x0041f10f
                    0x0041f114
                    0x0041f11d
                    0x0041f127
                    0x0041f134
                    0x0041f13c
                    0x0041f157
                    0x0041f16d
                    0x0041f177
                    0x0041f17e
                    0x0041f187
                    0x0041f18f
                    0x0041f18f
                    0x0041f196
                    0x0041f19e
                    0x0041f19e
                    0x0041f1a0
                    0x0041f1a0
                    0x0041f08e
                    0x0041f090
                    0x0041f091
                    0x0041f0ab
                    0x0041f0cc
                    0x0041f0cf
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0041f0cf
                    0x0041f1a8
                    0x0041f1ac
                    0x0041f1b7
                    0x0041f1c9
                    0x0041f1d6
                    0x0041f1d6
                    0x0041f1a4
                    0x00000000

                    APIs
                    • CreateFileW.KERNEL32(00000000,?,?,?,?,?,?), ref: 0041F067
                    • GetLastError.KERNEL32 ref: 0041F07A
                    • CreateFileW.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 0041F0C3
                    • GetLastError.KERNEL32(?,00000000), ref: 0041F0DB
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: CreateErrorFileLast
                    • String ID: Failed to open file (3)$osErrorInfo$utf8Filename
                    • API String ID: 1214770103-939543280
                    • Opcode ID: 0c888fa5f115ac73ee9080a90ad25468d6676294f5a30579befefb7c43dc2148
                    • Instruction ID: 38a5a390b0b94bf8512cac3b1a1ee964ef5ecf4dae915eef97e6f3d8adbb3d5d
                    • Opcode Fuzzy Hash: 0c888fa5f115ac73ee9080a90ad25468d6676294f5a30579befefb7c43dc2148
                    • Instruction Fuzzy Hash: 10515D70108780DFD331DB24C855BEBB7B4AFC8714F500A2EE99A97391DB386849CB66
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0040A3D0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 132fileCOMMON
                    Download Yara Rule
                    C-Code - Quality: 77%
                    			E0040A3D0(void* __edx, void* __eflags) {
				void* _t50;
				long _t72;
				signed int _t74;
				signed int _t77;
				void* _t84;
				void* _t104;
				signed int _t107;
				signed int _t111;
				signed int _t112;
				void* _t114;
				intOrPtr _t117;
				void* _t118;

				_t121 = __eflags;
				_t104 = __edx;
				_push(0xffffffff);
				_push(0x44de4c);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t117;
				_t118 = _t117 - 0x230;
				_push(_t74);
				E00408BB0(_t118 + 8, __eflags);
				 *((intOrPtr*)(_t118 + 0x244)) = 0;
				L00409A00(_t118 + 8, _t114,  *((intOrPtr*)(_t118 + 0x248)));
				L00409D00(_t118 + 0x10, _t114, _t121, 0x2f, 0x5c);
				E004252D0(_t118 + 0x118);
				 *((char*)(_t118 + 0x240)) = 1;
				_t50 = E00425320(_t118 + 0x118);
				_t84 = _t118 + 8;
				if(_t50 == 0) {
					__eflags = E00408CF0(_t84, _t104) - 0x104;
					if(__eflags <= 0) {
						_t107 = DeleteFileW(L00409020(_t118 + 0xc));
						__eflags = _t107;
						if(__eflags == 0) {
							_t53 = GetLastError();
							_t111 =  *(_t118 + 0x250);
							_t74 = _t53;
							__eflags = _t111;
							if(_t111 != 0) {
								E00425480(_t111, _t74);
								_t53 =  *((intOrPtr*)( *_t111 + 0x28))("failedToDeleteFilepath", L004097D0(_t118 + 0x10, _t104), _t114);
							}
							__eflags = _t74 - 2;
							if(_t74 == 2) {
								_t107 = 1;
							}
							__eflags = _t107;
						}
						 *((char*)(_t118 + 0x244)) = 0;
						_t40 = __eflags != 0;
						__eflags = _t40;
						E00425310(_t53, _t118 + 0x11c);
						 *((intOrPtr*)(_t118 + 0x244)) = 0xffffffff;
						E00408C80(_t118 + 0xc);
						 *[fs:0x0] =  *((intOrPtr*)(_t118 + 0x23c));
						return _t74 & 0xffffff00 | _t40;
					} else {
						E00408BB0(_t118 + 0x1b0, __eflags);
						_t105 = _t118 + 8;
						_push(_t118 + 0x1b0);
						_push(_t118 + 8);
						 *((char*)(_t118 + 0x248)) = 2;
						L00409ED0(_t118 + 0x1b0, __eflags);
						_t118 = _t118 + 8;
						E00408BB0(_t118 + 0x90, __eflags);
						 *((char*)(_t118 + 0x244)) = 3;
						L00409700(_t118 + 0x94, "\\\\?\\");
						L00409700(_t118 + 0x94, L004097D0(_t118 + 0x1b0, _t105));
						_t112 = DeleteFileW(L00409020(_t118 + 0x90));
						__eflags = _t112;
						if(__eflags == 0) {
							_t72 = GetLastError();
							__eflags = _t72 - 2;
							if(_t72 == 2) {
								_t112 = 1;
							}
							__eflags = _t112;
						}
						 *((char*)(_t118 + 0x240)) = 2;
						_t25 = __eflags != 0;
						__eflags = _t25;
						_t77 = _t74 & 0xffffff00 | _t25;
						E00408C80(_t118 + 0x90);
						 *((char*)(_t118 + 0x240)) = 1;
						_t68 = E00408C80(_t118 + 0x1b0);
						goto L8;
					}
				} else {
					_t77 = _t74 & 0xffffff00 | DeleteFileA(E004093B0(_t84)) != 0x00000000;
					L8:
					 *((char*)(_t118 + 0x240)) = 0;
					E00425310(_t68, _t118 + 0x118);
					 *((intOrPtr*)(_t118 + 0x240)) = 0xffffffff;
					E00408C80(_t118 + 8);
					 *[fs:0x0] =  *((intOrPtr*)(_t118 + 0x230));
					return _t77;
				}
			}















                    0x0040a3d0
                    0x0040a3d0
                    0x0040a3d0
                    0x0040a3d2
                    0x0040a3dd
                    0x0040a3de
                    0x0040a3e5
                    0x0040a3eb
                    0x0040a3f1
                    0x0040a402
                    0x0040a40d
                    0x0040a41a
                    0x0040a426
                    0x0040a432
                    0x0040a43a
                    0x0040a441
                    0x0040a445
                    0x0040a462
                    0x0040a467
                    0x0040a57c
                    0x0040a57e
                    0x0040a580
                    0x0040a582
                    0x0040a588
                    0x0040a58f
                    0x0040a591
                    0x0040a593
                    0x0040a599
                    0x0040a5b1
                    0x0040a5b4
                    0x0040a5b5
                    0x0040a5b8
                    0x0040a5ba
                    0x0040a5ba
                    0x0040a5bf
                    0x0040a5bf
                    0x0040a5c8
                    0x0040a5d0
                    0x0040a5d0
                    0x0040a5d3
                    0x0040a5dc
                    0x0040a5e7
                    0x0040a5f8
                    0x0040a605
                    0x0040a46d
                    0x0040a474
                    0x0040a480
                    0x0040a484
                    0x0040a485
                    0x0040a486
                    0x0040a48e
                    0x0040a493
                    0x0040a49d
                    0x0040a4ae
                    0x0040a4b6
                    0x0040a4cf
                    0x0040a4e7
                    0x0040a4e9
                    0x0040a4eb
                    0x0040a4ed
                    0x0040a4f3
                    0x0040a4f6
                    0x0040a4f8
                    0x0040a4f8
                    0x0040a4fd
                    0x0040a4fd
                    0x0040a506
                    0x0040a50e
                    0x0040a50e
                    0x0040a50e
                    0x0040a511
                    0x0040a51d
                    0x0040a525
                    0x00000000
                    0x0040a525
                    0x0040a447
                    0x0040a455
                    0x0040a52a
                    0x0040a531
                    0x0040a539
                    0x0040a542
                    0x0040a54d
                    0x0040a55d
                    0x0040a56a
                    0x0040a56a

                    APIs
                      • Part of subcall function 004252D0: GetVersionExA.KERNEL32(?,775FB060,0040A1F4), ref: 004252E3
                    • DeleteFileA.KERNEL32(00000000,0000002F,0000005C), ref: 0040A44D
                    • DeleteFileW.KERNEL32(00000000,00000000), ref: 0040A4E1
                    • GetLastError.KERNEL32 ref: 0040A4ED
                      • Part of subcall function 004093B0: GetACP.KERNEL32(00000000,00000000,?), ref: 00409423
                    • DeleteFileW.KERNEL32(00000000,?,0000002F,0000005C), ref: 0040A576
                    • GetLastError.KERNEL32 ref: 0040A582
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: DeleteFile$ErrorLast$Version
                    • String ID: \\?\$failedToDeleteFilepath
                    • API String ID: 2352840621-2088559278
                    • Opcode ID: 7ea83c8220beec76336e9083aba33e0cd885acf6dd26a1bdfb75276522d2c0e1
                    • Instruction ID: 58e6083e0958d1aac72abf1342fed9472c27f489d293384402e6124532220dd9
                    • Opcode Fuzzy Hash: 7ea83c8220beec76336e9083aba33e0cd885acf6dd26a1bdfb75276522d2c0e1
                    • Instruction Fuzzy Hash: 1E5192314187819BD334EB20C859BEFB7A4BF94314F44092EE89D532D2DF385948C66B
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0042CFBB Relevance: 12.1, APIs: 8, Instructions: 132COMMON
                    Download Yara Rule
                    C-Code - Quality: 98%
                    			E0042CFBB() {
				int _v4;
				int _v8;
				void* __ecx;
				intOrPtr _t7;
				CHAR* _t9;
				WCHAR* _t17;
				int _t20;
				char* _t24;
				int _t32;
				void* _t34;
				CHAR* _t36;
				WCHAR* _t38;
				void* _t39;
				int _t42;

				_t7 =  *0x473a8c; // 0x1
				_t32 = 0;
				_t38 = 0;
				_t36 = 0;
				if(_t7 != 0) {
					if(_t7 != 1) {
						if(_t7 != 2) {
							L27:
							return 0;
						}
						L18:
						if(_t36 != _t32) {
							L20:
							_t9 = _t36;
							if( *_t36 == _t32) {
								L23:
								_t41 = _t9 - _t36 + 1;
								_t39 = E0042AC3F(_t9 - _t36 + 1);
								if(_t39 != _t32) {
									E0042E980(_t39, _t36, _t41);
								} else {
									_t39 = 0;
								}
								FreeEnvironmentStringsA(_t36);
								return _t39;
							} else {
								goto L21;
							}
							do {
								do {
									L21:
									_t9 =  &(_t9[1]);
								} while ( *_t9 != _t32);
								_t9 =  &(_t9[1]);
							} while ( *_t9 != _t32);
							goto L23;
						}
						_t36 = GetEnvironmentStrings();
						if(_t36 == _t32) {
							goto L27;
						}
						goto L20;
					}
					L6:
					if(_t38 != _t32) {
						L8:
						_t17 = _t38;
						if( *_t38 == _t32) {
							L11:
							_t20 = (_t17 - _t38 >> 1) + 1;
							_v4 = _t20;
							_t42 = WideCharToMultiByte(_t32, _t32, _t38, _t20, _t32, _t32, _t32, _t32);
							if(_t42 != _t32) {
								_t24 = E0042AC3F(_t42);
								_pop(_t34);
								_v8 = _t24;
								if(_t24 != _t32) {
									if(WideCharToMultiByte(_t32, _t32, _t38, _v4, _t24, _t42, _t32, _t32) == 0) {
										E0042B1A5(_t34, _v8);
										_v8 = _t32;
									}
									_t32 = _v8;
								}
							}
							FreeEnvironmentStringsW(_t38);
							return _t32;
						} else {
							goto L9;
						}
						do {
							do {
								L9:
								_t17 =  &(_t17[1]);
							} while ( *_t17 != _t32);
							_t17 =  &(_t17[1]);
						} while ( *_t17 != _t32);
						goto L11;
					}
					_t38 = GetEnvironmentStringsW();
					if(_t38 == _t32) {
						goto L27;
					}
					goto L8;
				}
				_t38 = GetEnvironmentStringsW();
				if(_t38 == 0) {
					_t36 = GetEnvironmentStrings();
					if(_t36 == 0) {
						goto L27;
					}
					 *0x473a8c = 2;
					goto L18;
				}
				 *0x473a8c = 1;
				goto L6;
			}

















                    0x0042cfbd
                    0x0042cfcc
                    0x0042cfce
                    0x0042cfd0
                    0x0042cfd4
                    0x0042d00c
                    0x0042d096
                    0x0042d0e4
                    0x00000000
                    0x0042d0e4
                    0x0042d098
                    0x0042d09a
                    0x0042d0a8
                    0x0042d0aa
                    0x0042d0ac
                    0x0042d0b8
                    0x0042d0bb
                    0x0042d0c3
                    0x0042d0c8
                    0x0042d0d1
                    0x0042d0ca
                    0x0042d0ca
                    0x0042d0ca
                    0x0042d0da
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042d0ae
                    0x0042d0ae
                    0x0042d0ae
                    0x0042d0ae
                    0x0042d0af
                    0x0042d0b3
                    0x0042d0b4
                    0x00000000
                    0x0042d0ae
                    0x0042d0a2
                    0x0042d0a6
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042d0a6
                    0x0042d012
                    0x0042d014
                    0x0042d022
                    0x0042d025
                    0x0042d027
                    0x0042d037
                    0x0042d043
                    0x0042d04a
                    0x0042d050
                    0x0042d054
                    0x0042d057
                    0x0042d05e
                    0x0042d05f
                    0x0042d063
                    0x0042d074
                    0x0042d07a
                    0x0042d080
                    0x0042d080
                    0x0042d084
                    0x0042d084
                    0x0042d063
                    0x0042d089
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042d029
                    0x0042d029
                    0x0042d029
                    0x0042d02a
                    0x0042d02b
                    0x0042d031
                    0x0042d032
                    0x00000000
                    0x0042d029
                    0x0042d018
                    0x0042d01c
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042d01c
                    0x0042cfd8
                    0x0042cfdc
                    0x0042cff0
                    0x0042cff4
                    0x00000000
                    0x00000000
                    0x0042cffa
                    0x00000000
                    0x0042cffa
                    0x0042cfde
                    0x00000000

                    APIs
                    • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00429578), ref: 0042CFD6
                    • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00429578), ref: 0042CFEA
                    • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00429578), ref: 0042D016
                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00429578), ref: 0042D04E
                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00429578), ref: 0042D070
                    • FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,00429578), ref: 0042D089
                    • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00429578), ref: 0042D09C
                    • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0042D0DA
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                    • String ID:
                    • API String ID: 1823725401-0
                    • Opcode ID: b70dada43fff38b5c2136c73fa101975ac47a97a7265b705317a968d93392651
                    • Instruction ID: b70ffb52d99e6e27785c2dbdde03d755ae126775493582fcb9bb04afaddf2b79
                    • Opcode Fuzzy Hash: b70dada43fff38b5c2136c73fa101975ac47a97a7265b705317a968d93392651
                    • Instruction Fuzzy Hash: B531E372F082756F97207F797C8483BB69CE64975CF95053BF681C3221EA298C83866D
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00431075 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 230fileCOMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E00431075(CHAR* _a4, signed int _a7, signed int _a8, intOrPtr _a12, signed int _a15, signed int _a16) {
				signed int _v5;
				long _v12;
				signed char _v14;
				long _v16;
				long _v20;
				struct _SECURITY_ATTRIBUTES _v32;
				void* __edi;
				signed int _t87;
				intOrPtr _t88;
				signed int _t89;
				signed char _t90;
				signed int _t97;
				signed char _t100;
				intOrPtr _t102;
				long _t104;
				signed int _t106;
				void* _t107;
				void* _t109;
				void* _t111;
				signed int _t113;
				signed char _t114;
				signed int _t115;
				signed int _t125;
				signed char _t127;
				void* _t130;
				intOrPtr* _t131;
				long _t132;
				long _t133;
				void* _t134;
				signed int _t137;
				void* _t145;

				_t114 = _a8;
				_v32.nLength = 0xc;
				_v32.lpSecurityDescriptor = 0;
				if((_t114 & 0x00000080) == 0) {
					_t8 =  &_v5;
					 *_t8 = _v5 & 0x00000000;
					__eflags =  *_t8;
					_v32.bInheritHandle = 1;
				} else {
					_v32.bInheritHandle = 0;
					_v5 = 0x10;
				}
				if((0x00008000 & _t114) != 0) {
					L7:
					_t132 = 3;
					_t87 = _t114 & _t132;
					if(_t87 == 0) {
						_v16 = 0x80000000;
						L14:
						_t88 = _a12;
						__eflags = _t88 - 0x10;
						if(_t88 == 0x10) {
							_v20 = 0;
							L22:
							_t89 = 0x400;
							_t115 = _t114 & 0x00000700;
							__eflags = _t115 - 0x400;
							if(__eflags > 0) {
								__eflags = _t115 - 0x500;
								if(_t115 == 0x500) {
									L36:
									_v12 = 1;
									L37:
									_t90 = _a8;
									_t133 = 0x80;
									__eflags = 0x00000100 & _t90;
									if((0x00000100 & _t90) != 0) {
										_t125 =  *0x4738d0; // 0x0
										_t127 =  !_t125 & _a16;
										__eflags = _t127 & 0x00000080;
										if((_t127 & 0x00000080) == 0) {
											_t133 = 1;
										}
									}
									__eflags = _t90 & 0x00000040;
									if((_t90 & 0x00000040) != 0) {
										_t133 = _t133 | 0x04000000;
										_t38 =  &_v14;
										 *_t38 = _v14 | 0x00000001;
										__eflags =  *_t38;
									}
									__eflags = _t90 & 0x00000010;
									if((_t90 & 0x00000010) != 0) {
										_t133 = _t133 | 0x00000100;
										__eflags = _t133;
									}
									__eflags = _t90 & 0x00000020;
									if((_t90 & 0x00000020) == 0) {
										__eflags = _t90 & 0x00000010;
										if((_t90 & 0x00000010) != 0) {
											_t133 = _t133 | 0x10000000;
											__eflags = _t133;
										}
									} else {
										_t133 = _t133 | 0x08000000;
									}
									_t113 = E00430C2C();
									_t130 = 0xffffffffffffffff;
									__eflags = _t113 - 0xffffffffffffffff;
									if(_t113 != 0xffffffffffffffff) {
										_t134 = CreateFileA(_a4, _v16, _v20,  &_v32, _v12, _t133, 0);
										__eflags = _t134 - 0xffffffffffffffff;
										if(_t134 == 0xffffffffffffffff) {
											L53:
											E00430BC5(GetLastError());
											goto L54;
										}
										_t97 = GetFileType(_t134);
										__eflags = _t97;
										if(_t97 != 0) {
											__eflags = _t97 - 2;
											if(_t97 != 2) {
												__eflags = _t97 - 3;
												if(_t97 == 3) {
													_t53 =  &_v5;
													 *_t53 = _v5 | 0x00000008;
													__eflags =  *_t53;
												}
											} else {
												_v5 = _v5 | 0x00000040;
											}
											E00430CC1(_t113, _t134);
											_t100 = _v5 | 0x00000001;
											_a7 = _t100;
											_t131 = 0x476780 + (_t113 >> 5) * 4;
											_t137 = (_t113 & 0x0000001f) << 3;
											_t121 =  *_t131;
											_t59 =  &_a7;
											 *_t59 = _a7 & 0x00000048;
											__eflags =  *_t59;
											 *( *_t131 + _t137 + 4) = _t100;
											if( *_t59 != 0) {
												L71:
												__eflags = _a7;
												if(_a7 == 0) {
													__eflags = _a8 & 0x00000008;
													if((_a8 & 0x00000008) != 0) {
														_t102 =  *_t131;
														_t78 = _t102 + _t137 + 4;
														 *_t78 =  *(_t102 + _t137 + 4) | 0x00000020;
														__eflags =  *_t78;
													}
												}
												return _t113;
											} else {
												__eflags = _t100 & 0x00000080;
												if((_t100 & 0x00000080) == 0) {
													goto L71;
												}
												__eflags = _a8 & 0x00000002;
												if((_a8 & 0x00000002) == 0) {
													goto L71;
												}
												_t104 = E0042E63B(_t113, 0xffffffff, 2);
												__eflags = _t104 - 0xffffffff;
												_v20 = _t104;
												if(_t104 != 0xffffffff) {
													_a15 = _a15 & 0x00000000;
													_t106 = E0042E786(_t113,  &_a15, 1);
													__eflags = _t106;
													if(_t106 != 0) {
														L68:
														_t107 = E0042E63B(_t113, 0, 0);
														__eflags = _t107 - 0xffffffff;
														if(_t107 != 0xffffffff) {
															goto L71;
														}
														L69:
														_t89 = L0042BB08(_t113);
														L70:
														return _t89 | 0xffffffff;
													}
													__eflags = _a15 - 0x1a;
													if(__eflags != 0) {
														goto L68;
													}
													_t109 = E004333EB(_t121, 0x700, _t131, __eflags, _t113, _v20);
													__eflags = _t109 - 0xffffffff;
													if(_t109 == 0xffffffff) {
														goto L69;
													}
													goto L68;
												}
												__eflags =  *0x4738cc - 0x83;
												if( *0x4738cc == 0x83) {
													goto L71;
												}
												goto L69;
											}
										}
										CloseHandle(_t134);
										goto L53;
									} else {
										 *0x4738cc =  *0x4738cc & 0x00000000;
										 *0x4738c8 = 0x18;
										L54:
										return _t130;
									}
								}
								__eflags = _t115 - 0x600;
								if(_t115 == 0x600) {
									L35:
									_v12 = 5;
									goto L37;
								}
								__eflags = _t115 - 0x700;
								if(_t115 == 0x700) {
									goto L36;
								}
								L10:
								 *0x4738c8 = 0x16;
								 *0x4738cc = 0;
								goto L70;
							}
							if(__eflags == 0) {
								L30:
								_v12 = _t132;
								goto L37;
							}
							__eflags = _t115;
							if(_t115 == 0) {
								goto L30;
							}
							__eflags = _t115 - 0x100;
							if(_t115 == 0x100) {
								_v12 = 4;
								goto L37;
							}
							__eflags = _t115 - 0x200;
							if(_t115 == 0x200) {
								goto L35;
							}
							__eflags = _t115 - 0x300;
							if(_t115 != 0x300) {
								goto L10;
							}
							_v12 = 2;
							goto L37;
						}
						__eflags = _t88 - 0x20;
						if(_t88 == 0x20) {
							_v20 = 1;
							goto L22;
						}
						__eflags = _t88 - 0x30;
						if(_t88 == 0x30) {
							_v20 = 2;
							goto L22;
						}
						__eflags = _t88 - 0x40;
						if(_t88 != 0x40) {
							goto L10;
						}
						_v20 = _t132;
						goto L22;
					}
					_t111 = _t87 - 1;
					if(_t111 == 0) {
						_v16 = 0x40000000;
						goto L14;
					}
					_t89 = _t111 - 1;
					if(_t89 == 0) {
						_v16 = 0xc0000000;
						goto L14;
					}
					goto L10;
				} else {
					if((_t114 & 0x00000040) != 0) {
						L6:
						_v5 = _v5 | 0x00000080;
						goto L7;
					}
					_t145 =  *0x473bf4 - 0x8000; // 0x0
					if(_t145 == 0) {
						goto L7;
					}
					goto L6;
				}
			}


































                    0x0043107b
                    0x00431086
                    0x0043108d
                    0x00431090
                    0x0043109b
                    0x0043109b
                    0x0043109b
                    0x0043109f
                    0x00431092
                    0x00431092
                    0x00431095
                    0x00431095
                    0x004310ad
                    0x004310c0
                    0x004310c4
                    0x004310c7
                    0x004310c9
                    0x004310f8
                    0x004310ff
                    0x004310ff
                    0x00431102
                    0x00431105
                    0x0043112d
                    0x00431130
                    0x00431135
                    0x0043113a
                    0x00431141
                    0x00431143
                    0x0043117a
                    0x00431180
                    0x0043119c
                    0x0043119c
                    0x004311a3
                    0x004311a3
                    0x004311a6
                    0x004311ab
                    0x004311ad
                    0x004311af
                    0x004311b7
                    0x004311ba
                    0x004311bd
                    0x004311c1
                    0x004311c1
                    0x004311bd
                    0x004311c2
                    0x004311c4
                    0x004311c6
                    0x004311cc
                    0x004311cc
                    0x004311cc
                    0x004311cc
                    0x004311d0
                    0x004311d3
                    0x004311d5
                    0x004311d5
                    0x004311d5
                    0x004311d7
                    0x004311d9
                    0x004311e3
                    0x004311e5
                    0x004311e7
                    0x004311e7
                    0x004311e7
                    0x004311db
                    0x004311db
                    0x004311db
                    0x004311f2
                    0x004311f4
                    0x004311f7
                    0x004311f9
                    0x00431227
                    0x00431229
                    0x0043122b
                    0x0043123f
                    0x00431246
                    0x00000000
                    0x0043124b
                    0x0043122e
                    0x00431234
                    0x00431236
                    0x00431253
                    0x00431256
                    0x0043125e
                    0x00431261
                    0x00431263
                    0x00431263
                    0x00431263
                    0x00431263
                    0x00431258
                    0x00431258
                    0x00431258
                    0x00431269
                    0x00431277
                    0x0043127f
                    0x00431282
                    0x00431289
                    0x0043128c
                    0x0043128e
                    0x0043128e
                    0x0043128e
                    0x00431292
                    0x00431296
                    0x00431310
                    0x00431310
                    0x00431314
                    0x00431316
                    0x0043131a
                    0x0043131c
                    0x0043131e
                    0x0043131e
                    0x0043131e
                    0x00431323
                    0x0043131a
                    0x00000000
                    0x00431298
                    0x00431298
                    0x0043129a
                    0x00000000
                    0x00000000
                    0x0043129c
                    0x004312a0
                    0x00000000
                    0x00000000
                    0x004312a7
                    0x004312af
                    0x004312b2
                    0x004312b5
                    0x004312c5
                    0x004312d0
                    0x004312d8
                    0x004312da
                    0x004312f2
                    0x004312f7
                    0x004312ff
                    0x00431302
                    0x00000000
                    0x00000000
                    0x00431304
                    0x00431305
                    0x0043130b
                    0x00000000
                    0x0043130b
                    0x004312dc
                    0x004312e0
                    0x00000000
                    0x00000000
                    0x004312e6
                    0x004312ec
                    0x004312f0
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004312f0
                    0x004312b7
                    0x004312c1
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004312c3
                    0x00431296
                    0x00431239
                    0x00000000
                    0x004311fb
                    0x004311fb
                    0x00431202
                    0x0043124c
                    0x00000000
                    0x0043124c
                    0x004311f9
                    0x00431182
                    0x00431188
                    0x00431193
                    0x00431193
                    0x00000000
                    0x00431193
                    0x0043118a
                    0x0043118c
                    0x00000000
                    0x00000000
                    0x004310d1
                    0x004310d1
                    0x004310db
                    0x00000000
                    0x004310db
                    0x00431145
                    0x00431175
                    0x00431175
                    0x00000000
                    0x00431175
                    0x00431147
                    0x00431149
                    0x00000000
                    0x00000000
                    0x0043114b
                    0x0043114d
                    0x0043116c
                    0x00000000
                    0x0043116c
                    0x0043114f
                    0x00431155
                    0x00000000
                    0x00000000
                    0x00431157
                    0x0043115d
                    0x00000000
                    0x00000000
                    0x00431163
                    0x00000000
                    0x00431163
                    0x00431107
                    0x0043110a
                    0x00431124
                    0x00000000
                    0x00431124
                    0x0043110c
                    0x0043110f
                    0x0043111b
                    0x00000000
                    0x0043111b
                    0x00431111
                    0x00431114
                    0x00000000
                    0x00000000
                    0x00431116
                    0x00000000
                    0x00431116
                    0x004310cb
                    0x004310cc
                    0x004310ef
                    0x00000000
                    0x004310ef
                    0x004310ce
                    0x004310cf
                    0x004310e6
                    0x00000000
                    0x004310e6
                    0x00000000
                    0x004310af
                    0x004310b2
                    0x004310bc
                    0x004310bc
                    0x00000000
                    0x004310bc
                    0x004310b4
                    0x004310ba
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004310ba

                    APIs
                    • CreateFileA.KERNEL32(00000001,80000000,?,0000000C,00000001,00000080,00000000,?,00000000,00000000), ref: 00431221
                    • GetFileType.KERNEL32(00000000), ref: 0043122E
                    • CloseHandle.KERNEL32(00000000), ref: 00431239
                    • GetLastError.KERNEL32 ref: 0043123F
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: File$CloseCreateErrorHandleLastType
                    • String ID: @$H
                    • API String ID: 1809617866-104103126
                    • Opcode ID: 7b4d83df992d176d489c3da2ff4a3f1ce3f7d081f64f5d5f588a9e080be1a77f
                    • Instruction ID: ad14d0cb9478dcd2cec632dafaecd60f323ad850e5d5c14259f6e8ef529a4e9b
                    • Opcode Fuzzy Hash: 7b4d83df992d176d489c3da2ff4a3f1ce3f7d081f64f5d5f588a9e080be1a77f
                    • Instruction Fuzzy Hash: 5E81493190424556FF248F58CC847EF7BB0AB0D364F24626BEA61A62F1C37D8986974E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00431445 Relevance: 10.7, APIs: 7, Instructions: 180processsynchronizationCOMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E00431445(signed int _a4, CHAR* _a8, long _a12, void* _a16) {
				signed int _v5;
				long _v12;
				CHAR* _v16;
				struct _PROCESS_INFORMATION _v32;
				struct _STARTUPINFOA _v100;
				signed int _t60;
				char* _t61;
				signed int* _t66;
				signed int* _t67;
				int _t70;
				signed int* _t83;
				signed char _t87;
				signed int _t89;
				signed int _t90;
				long _t91;
				signed int _t92;
				signed char* _t96;
				char* _t102;
				signed int* _t103;
				void* _t104;
				struct _SECURITY_ATTRIBUTES* _t107;
				signed int* _t110;
				long _t111;
				signed int _t112;
				void* _t118;

				_t60 = _a4;
				_v5 = _v5 & 0x00000000;
				_t107 = 0;
				_v12 = 0;
				if(_t60 == 0) {
					L6:
					_t61 = _a12;
					_v16 = _t61;
					while( *_t61 != 0) {
						do {
							_t61 = _t61 + 1;
						} while ( *_t61 != 0);
						_t9 = _t61 + 1; // 0x2
						_t102 = _t9;
						if( *((char*)(_t61 + 1)) != 0) {
							 *_t61 = 0x20;
							_t61 = _t102;
						}
					}
					_t111 = 0x44;
					E00428C60( &_v100, _t107, _t111);
					_v100.cb = _t111;
					_t112 =  *0x476880;
					if(_t112 == _t107) {
						L16:
						_v100.cbReserved2 = _t112 + 4 + _t112 * 4;
						_t66 = E004332E2(_t112 + 0x00000004 + _t112 * 0x00000004 & 0x0000ffff, 1);
						_v100.lpReserved2 = _t66;
						 *_t66 = _t112;
						_t67 = _v100.lpReserved2;
						_t90 = 0;
						_t96 =  &(_t67[1]);
						_t103 = _t67 + _t112 + 4;
						if(_t112 <= _t107) {
							L22:
							if(_v5 == 0) {
								L30:
								 *0x4738c8 = _t107;
								 *0x4738cc = _t107;
								_t70 = CreateProcessA(_a8, _v16, _t107, _t107, 1, _v12, _a16, _t107,  &_v100,  &_v32);
								_t91 = GetLastError();
								E0042B1A5(_t96, _v100.lpReserved2);
								if(_t70 != _t107) {
									if(_a4 == 2) {
										E0042937B(_t107);
									}
									if(_a4 != _t107) {
										if(_a4 != 4) {
											_a12 = _v32.hProcess;
										} else {
											CloseHandle(_v32.hProcess);
											_a12 = _t107;
										}
									} else {
										WaitForSingleObject(_v32.hProcess, 0xffffffff);
										GetExitCodeProcess(_v32.hProcess,  &_a12);
										CloseHandle(_v32);
									}
									CloseHandle(_v32.hThread);
									return _a12;
								}
								_t60 = E00430BC5(_t91);
								L32:
								return _t60 | 0xffffffff;
							}
							_t96 =  &(_t67[1]);
							_t104 = 0;
							_t83 = _t67 + _t112 + 4;
							L24:
							L24:
							if(_t112 >= 3) {
								_t92 = 3;
							} else {
								_t92 = _t112;
							}
							if(_t104 >= _t92) {
								goto L29;
							}
							 *_t96 =  *_t96 & 0x00000000;
							 *_t83 =  *_t83 | 0xffffffff;
							_t104 = _t104 + 1;
							_t96 =  &(_t96[1]);
							_t83 =  &(_t83[1]);
							goto L24;
							L29:
							_v12 = 8;
							goto L30;
						} else {
							goto L17;
						}
						do {
							L17:
							_t110 =  *((intOrPtr*)(0x476780 + (_t90 >> 5) * 4)) + (_t90 & 0x0000001f) * 8;
							_t87 = _t110[1];
							if((_t87 & 0x00000010) != 0) {
								 *_t96 =  *_t96 & 0x00000000;
								 *_t103 =  *_t103 | 0xffffffff;
							} else {
								 *_t96 = _t87;
								 *_t103 =  *_t110;
							}
							_t90 = _t90 + 1;
							_t96 =  &(_t96[1]);
							_t103 =  &(_t103[1]);
						} while (_t90 < _t112);
						_t67 = _v100.lpReserved2;
						_t107 = 0;
						goto L22;
					}
					_t89 = _t112 - 1;
					while( *((char*)( *((intOrPtr*)(0x476780 + (_t89 >> 5) * 4)) + 4 + (_t89 & 0x0000001f) * 8)) == 0) {
						_t112 = _t112 - 1;
						_t89 = _t89 - 1;
						if(_t112 != _t107) {
							continue;
						}
						goto L16;
					}
					goto L16;
				}
				_t118 = _t60 - 1;
				if(_t118 == 0) {
					goto L6;
				}
				if(_t118 <= 0) {
					L11:
					 *0x4738c8 = 0x16;
					 *0x4738cc = _t107;
					goto L32;
				}
				if(_t60 <= 3) {
					goto L6;
				}
				if(_t60 != 4) {
					goto L11;
				} else {
					_v5 = 1;
					goto L6;
				}
			}




























                    0x0043144b
                    0x0043144e
                    0x00431455
                    0x00431459
                    0x0043145c
                    0x00431473
                    0x00431473
                    0x00431476
                    0x00431479
                    0x0043147f
                    0x0043147f
                    0x00431480
                    0x00431489
                    0x00431489
                    0x0043148c
                    0x0043148e
                    0x00431491
                    0x00431491
                    0x0043148c
                    0x004314af
                    0x004314b3
                    0x004314b8
                    0x004314bb
                    0x004314c6
                    0x004314e9
                    0x004314ef
                    0x004314f7
                    0x004314fc
                    0x00431500
                    0x00431502
                    0x00431506
                    0x0043150a
                    0x0043150d
                    0x00431511
                    0x0043154a
                    0x0043154e
                    0x0043157d
                    0x00431580
                    0x0043158f
                    0x004315a2
                    0x004315b3
                    0x004315b5
                    0x004315bd
                    0x004315cf
                    0x004315d2
                    0x004315d2
                    0x004315e0
                    0x00431605
                    0x00431614
                    0x00431607
                    0x0043160a
                    0x0043160c
                    0x0043160c
                    0x004315e2
                    0x004315e7
                    0x004315f4
                    0x004315fd
                    0x004315fd
                    0x0043161a
                    0x00000000
                    0x0043161c
                    0x004315c0
                    0x004315c6
                    0x00000000
                    0x004315c6
                    0x00431550
                    0x00431553
                    0x00431555
                    0x00000000
                    0x00431559
                    0x0043155c
                    0x00431564
                    0x0043155e
                    0x0043155e
                    0x0043155e
                    0x00431567
                    0x00000000
                    0x00000000
                    0x00431569
                    0x0043156c
                    0x0043156f
                    0x00431570
                    0x00431571
                    0x00000000
                    0x00431576
                    0x00431576
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00431513
                    0x00431513
                    0x00431524
                    0x00431527
                    0x0043152c
                    0x00431536
                    0x00431539
                    0x0043152e
                    0x0043152e
                    0x00431532
                    0x00431532
                    0x0043153c
                    0x0043153d
                    0x0043153e
                    0x00431541
                    0x00431545
                    0x00431548
                    0x00000000
                    0x00431548
                    0x004314c8
                    0x004314cb
                    0x004314e3
                    0x004314e4
                    0x004314e7
                    0x00000000
                    0x00000000
                    0x00000000
                    0x004314e7
                    0x00000000
                    0x004314cb
                    0x0043145e
                    0x00431461
                    0x00000000
                    0x00000000
                    0x00431463
                    0x00431495
                    0x00431495
                    0x0043149f
                    0x00000000
                    0x0043149f
                    0x00431468
                    0x00000000
                    0x00000000
                    0x0043146d
                    0x00000000
                    0x0043146f
                    0x0043146f
                    0x00000000
                    0x0043146f

                    APIs
                    • CreateProcessA.KERNEL32(0042C930,0042C930,00000000,00000000,00000001,000000FF,?,00000000,?,?,?,00000000,0046B78C), ref: 004315A2
                    • GetLastError.KERNEL32 ref: 004315AA
                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004315E7
                    • GetExitCodeProcess.KERNEL32 ref: 004315F4
                    • CloseHandle.KERNEL32(?), ref: 004315FD
                    • CloseHandle.KERNEL32(?), ref: 0043160A
                    • CloseHandle.KERNEL32(0042C98C), ref: 0043161A
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: CloseHandle$Process$CodeCreateErrorExitLastObjectSingleWait
                    • String ID:
                    • API String ID: 966596688-0
                    • Opcode ID: a065e0a8abb037fb0afeb6d790808b119e87739e3edba1bc62f4713493270a95
                    • Instruction ID: 0e1acb678f3f19efb6307a2cb49f8eadec03e1f770b84c6d28c804067fede186
                    • Opcode Fuzzy Hash: a065e0a8abb037fb0afeb6d790808b119e87739e3edba1bc62f4713493270a95
                    • Instruction Fuzzy Hash: 64513430904248AFDB21CFA4CC44AEEBBF5FB89314F24516BE4669B2B1C339D945CB58
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004024EE Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 129COMMON
                    Download Yara Rule
                    C-Code - Quality: 81%
                    			E004024EE(void* __ebx, void* __edx, void* __eflags) {
				void* __esi;
				void* _t19;
				signed int _t20;
				void* _t21;
				void* _t23;
				signed int _t29;
				void* _t39;
				void* _t45;
				intOrPtr* _t77;
				void* _t79;
				void* _t81;
				void* _t82;
				signed int _t90;
				signed int _t93;

				_t72 = __edx;
				_t45 = __ebx;
				E004291C0(E0044D4C7, _t79);
				_t82 = _t81 - 0x8c;
				_t19 = E0040488A(0x472498, "Verbose");
				_t20 =  *0x4726e0; // 0x0
				 *((char*)(_t79 - 0xd)) = _t19 != 0;
				if(_t20 != 0) {
					_push("processing undo list...\r\n");
					_push(_t20);
					E00429235(__ebx, __edx);
				}
				_t21 = E00428A90( *((intOrPtr*)(_t79 + 8)));
				if(_t21 == 0) {
					L24:
					 *[fs:0x0] =  *((intOrPtr*)(_t79 - 0xc));
					return _t21;
				} else {
					_push(_t45);
					do {
						_t77 = E0040CDA0( *((intOrPtr*)(_t79 + 8)));
						if(_t77 == 0) {
							goto L22;
						}
						_t23 = E00406AB0(_t77);
						_t46 = _t23;
						E00406BC0(_t77, 1);
						if(_t23 != 0x46) {
							__eflags =  *0x4726e0; // 0x0
							if(__eflags != 0) {
								__eflags =  *((char*)(_t79 - 0xd));
								if(__eflags != 0) {
									L00405590(_t77, 0x5c, 0x2f);
									E00429235(_t46, _t72,  *0x4726e0, "(deleteDir) %s\r\n", E00446F00(_t77));
									_t82 = _t82 + 0xc;
								}
							}
							E00408BB0(_t79 - 0x98, __eflags);
							 *(_t79 - 4) = 0;
							L00409700(_t79 - 0x98, E00446F00(_t77));
							_t29 = L0040BCF0(_t72, _t77, _t79, __eflags, _t79 - 0x98, 0);
							__eflags = _t29;
							if(_t29 == 0) {
								__eflags =  *0x4726e0; // 0x0
								if(__eflags != 0) {
									__eflags =  *((intOrPtr*)(_t79 - 0xd)) - _t29;
									if( *((intOrPtr*)(_t79 - 0xd)) != _t29) {
										E00429235(_t46, _t72,  *0x4726e0, "(failedToDelete) %s\r\n", E00446F00(_t77));
										_t82 = _t82 + 0xc;
									}
								}
							}
							_t12 = _t79 - 4;
							 *_t12 =  *(_t79 - 4) | 0xffffffff;
							__eflags =  *_t12;
							E00408C80(_t79 - 0x98);
							L21:
							 *((intOrPtr*)( *_t77))(1);
							goto L22;
						}
						_t90 =  *0x4726e0; // 0x0
						if(_t90 != 0) {
							_t91 =  *((char*)(_t79 - 0xd));
							if( *((char*)(_t79 - 0xd)) != 0) {
								E00429235(_t46, _t72,  *0x4726e0, "(deleteFile) %s\r\n", E00446F00(_t77));
								_t82 = _t82 + 0xc;
							}
						}
						_push(0);
						_t39 = L0040BE20(_t91, E00446F00(_t77));
						if(_t39 == 0) {
							_t93 =  *0x4726e0; // 0x0
							if(_t93 != 0 &&  *((intOrPtr*)(_t79 - 0xd)) != _t39) {
								E00429235(_t46, _t72,  *0x4726e0, "(failedToDelete) %s\r\n", E00446F00(_t77));
								_t82 = _t82 + 0xc;
							}
						}
						goto L21;
						L22:
						_t21 = E00428A90( *((intOrPtr*)(_t79 + 8)));
					} while (_t21 != 0);
					goto L24;
				}
			}

















                    0x004024ee
                    0x004024ee
                    0x004024f3
                    0x004024f8
                    0x00402509
                    0x00402510
                    0x00402515
                    0x0040251d
                    0x0040251f
                    0x00402524
                    0x00402525
                    0x0040252b
                    0x0040252f
                    0x00402536
                    0x00402696
                    0x0040269a
                    0x004026a2
                    0x0040253c
                    0x0040253c
                    0x0040253e
                    0x00402546
                    0x0040254a
                    0x00000000
                    0x00000000
                    0x00402552
                    0x0040255b
                    0x0040255d
                    0x00402565
                    0x004025dd
                    0x004025e3
                    0x004025e5
                    0x004025e9
                    0x004025f1
                    0x00402609
                    0x0040260e
                    0x0040260e
                    0x004025e9
                    0x00402617
                    0x0040261e
                    0x0040262d
                    0x0040263a
                    0x00402640
                    0x00402643
                    0x00402645
                    0x0040264b
                    0x0040264d
                    0x00402650
                    0x00402665
                    0x0040266a
                    0x0040266a
                    0x00402650
                    0x0040264b
                    0x0040266d
                    0x0040266d
                    0x0040266d
                    0x00402677
                    0x0040267c
                    0x00402682
                    0x00000000
                    0x00402682
                    0x00402567
                    0x0040256d
                    0x0040256f
                    0x00402573
                    0x00402588
                    0x0040258d
                    0x0040258d
                    0x00402573
                    0x00402590
                    0x00402599
                    0x004025a2
                    0x004025a8
                    0x004025ae
                    0x004025d0
                    0x004025d5
                    0x004025d5
                    0x004025ae
                    0x00000000
                    0x00402684
                    0x00402687
                    0x0040268c
                    0x00000000
                    0x00402695

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID: (deleteDir) %s$(deleteFile) %s$(failedToDelete) %s$Verbose$processing undo list...
                    • API String ID: 3519838083-881797073
                    • Opcode ID: d21a8b9df15d5c496a560636dc782a77a9d9c5a3d6062f24ff69b53a46e2d0cf
                    • Instruction ID: 8e6481de37206d469086449353965a7c575feb04f3c7baba89bd4978ad17f00f
                    • Opcode Fuzzy Hash: d21a8b9df15d5c496a560636dc782a77a9d9c5a3d6062f24ff69b53a46e2d0cf
                    • Instruction Fuzzy Hash: 3F411670A002206ADB25BB75AD06B6E7728AB81744F14057FF809722D3DFBD1E84CA4D
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0043A990 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 117COMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E0043A990(void* __ecx, void* __eflags) {
				intOrPtr _t70;
				void* _t83;
				intOrPtr* _t107;
				void* _t110;
				void* _t112;
				intOrPtr _t114;
				void* _t116;

				_t116 = __eflags;
				_t83 = __ecx;
				E004291C0(E004504CB, _t112);
				E00429440(0x8618, __ecx, __ecx);
				_t110 = _t83;
				 *((intOrPtr*)(_t112 - 0x10)) = _t114;
				 *((intOrPtr*)( *((intOrPtr*)(_t112 + 0x18)))) = 0;
				E0043C086(_t112 - 0x8628, _t116);
				 *(_t112 - 4) = 0;
				L00445E60(_t112 - 0x48);
				 *(_t112 - 4) = 1;
				E00446A40(_t112 - 0x48, 1);
				E00446340(_t112 - 0x48,  *((intOrPtr*)(_t112 + 0xc)));
				_t107 =  *((intOrPtr*)(_t112 + 0x10));
				L00445EC0(_t112 - 0x48, _t107);
				_t58 =  *((intOrPtr*)(_t110 + 0x40));
				if( *((intOrPtr*)(_t110 + 0x40)) != 0) {
					E00446AB0(_t112 - 0x48, _t58);
				}
				E0043C26D(_t112 - 0x8628, _t112 - 0x48);
				 *(_t112 - 4) = 2;
				 *((char*)(_t112 + 0xf)) = E0043C2E5(_t112 - 0x8628,  *((intOrPtr*)(_t112 + 8)), 0x33,  *((intOrPtr*)(_t112 + 0x14)), _t107, 0);
				if( *((intOrPtr*)(_t112 - 0x4c)) != 0) {
					 *((intOrPtr*)( *_t107 + 0x10))("Failed to inflate from data source (2)");
					 *((char*)(_t112 + 0xf)) = 0;
				}
				_t91 =  *((intOrPtr*)(_t110 + 0x40));
				if( *((intOrPtr*)(_t110 + 0x40)) != 0 && L00423D30(_t91) != 0) {
					 *((intOrPtr*)( *_t107 + 0x10))("Inflate aborted by application..");
					 *((char*)(_t112 + 0xf)) = 0;
				}
				 *(_t112 - 4) = 1;
				if(L00423D30(_t112 - 0x48) == 0) {
					L00445EC0(_t112 - 0x48, 0);
					__eflags =  *((intOrPtr*)(_t112 + 0xf));
					if( *((intOrPtr*)(_t112 + 0xf)) == 0) {
						__eflags =  *((intOrPtr*)(_t112 + 0x1c));
						if( *((intOrPtr*)(_t112 + 0x1c)) != 0) {
							 *((intOrPtr*)( *_t107 + 0x10))("Inflate failed.");
						}
					} else {
						_t70 = E00446AA0(_t112 - 0x48);
						__eflags =  *((intOrPtr*)(_t112 + 0x1c));
						 *((intOrPtr*)( *((intOrPtr*)(_t112 + 0x18)))) = _t70;
						if( *((intOrPtr*)(_t112 + 0x1c)) != 0) {
							 *((intOrPtr*)( *_t107 + 0x34))("inflatorOutputCrc", _t70);
						}
					}
					 *((char*)(_t112 + 0x1f)) =  *((intOrPtr*)(_t112 + 0xf));
				} else {
					 *((intOrPtr*)( *_t107 + 0x10))("Failed to inflate from data source because sink write failed.");
					 *((char*)(_t112 + 0x1f)) = 0;
				}
				 *(_t112 - 4) = 0;
				L00445EA0(_t112 - 0x48);
				 *(_t112 - 4) =  *(_t112 - 4) | 0xffffffff;
				E0043C1F5(_t112 - 0x8628);
				 *[fs:0x0] =  *((intOrPtr*)(_t112 - 0xc));
				return  *((intOrPtr*)(_t112 + 0x1f));
			}










                    0x0043a990
                    0x0043a990
                    0x0043a995
                    0x0043a9a0
                    0x0043a9aa
                    0x0043a9b5
                    0x0043a9b8
                    0x0043a9ba
                    0x0043a9c2
                    0x0043a9c5
                    0x0043a9cf
                    0x0043a9d3
                    0x0043a9de
                    0x0043a9e3
                    0x0043a9ea
                    0x0043a9ef
                    0x0043a9f4
                    0x0043a9fa
                    0x0043a9fa
                    0x0043aa09
                    0x0043aa19
                    0x0043aa2a
                    0x0043aa2d
                    0x0043aa38
                    0x0043aa3b
                    0x0043aa3b
                    0x0043aa3e
                    0x0043aa43
                    0x0043aa57
                    0x0043aa5a
                    0x0043aa5a
                    0x0043aa60
                    0x0043aa6e
                    0x0043aa82
                    0x0043aa87
                    0x0043aa8a
                    0x0043aaad
                    0x0043aab0
                    0x0043aabb
                    0x0043aabb
                    0x0043aa8c
                    0x0043aa8f
                    0x0043aa97
                    0x0043aa9a
                    0x0043aa9c
                    0x0043aaa8
                    0x0043aaa8
                    0x0043aa9c
                    0x0043aac1
                    0x0043aa70
                    0x0043aa79
                    0x0043aadb
                    0x0043aadb
                    0x0043aae1
                    0x0043aae4
                    0x0043aae9
                    0x0043aaf3
                    0x0043ab00
                    0x0043ab09

                    APIs
                    • __EH_prolog.LIBCMT ref: 0043A995
                      • Part of subcall function 0043C086: __EH_prolog.LIBCMT ref: 0043C08B
                    Strings
                    • Inflate aborted by application.., xrefs: 0043AA50
                    • Failed to inflate from data source because sink write failed., xrefs: 0043AA72
                    • inflatorOutputCrc, xrefs: 0043AAA1
                    • Failed to inflate from data source (2), xrefs: 0043AA31
                    • Inflate failed., xrefs: 0043AAB4
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID: Failed to inflate from data source (2)$Failed to inflate from data source because sink write failed.$Inflate aborted by application..$Inflate failed.$inflatorOutputCrc
                    • API String ID: 3519838083-2508449830
                    • Opcode ID: 2916bf0484255d4ae4b38aaf44611a9e0ec150a72725d8a3b1791a8ac25c3ee3
                    • Instruction ID: 98739a6349109226fead40deb3f002839bb948591d8757e2db16e1c9b202bd7c
                    • Opcode Fuzzy Hash: 2916bf0484255d4ae4b38aaf44611a9e0ec150a72725d8a3b1791a8ac25c3ee3
                    • Instruction Fuzzy Hash: 4B41C231541289DFCF15EFA4C8919EE7B31AF09304F14409FF4826B282EB389A56DF5A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0041ED60 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 156COMMON
                    Download Yara Rule
                    C-Code - Quality: 70%
                    			E0041ED60(void* __ebp, void* __eflags, intOrPtr _a8, char _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, long* _a32, intOrPtr* _a36) {
				char _v8;
				char _v16;
				char _v20;
				char _v36;
				char _v164;
				char _v180;
				char _v188;
				char _v192;
				char _v200;
				char _v232;
				intOrPtr* _v236;
				intOrPtr _v244;
				char _v252;
				char _v260;
				intOrPtr _t54;
				intOrPtr _t57;
				long _t61;
				long _t76;
				intOrPtr _t80;
				void* _t83;
				intOrPtr* _t118;
				intOrPtr* _t120;
				intOrPtr* _t122;
				intOrPtr _t123;
				void* _t125;
				char _t126;
				intOrPtr _t128;
				void* _t130;
				void* _t131;

				_t125 = __ebp;
				_push(0xffffffff);
				_push(0x44f78f);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t128;
				_t118 = 0;
				_push(_a8);
				 *_a36 = 0;
				E00406010( &_v188, __eflags);
				_v8 = 0;
				E00405550( &_v192, 0x2f, 0x5c);
				_t83 = E00446F00( &_v200);
				_t54 = E0042929A(0xc);
				_t130 = _t128 - 0xdc + 4;
				_v244 = _t54;
				_v16 = 1;
				if(_t54 == 0) {
					_t122 = 0;
					__eflags = 0;
				} else {
					_t122 = L0041F650(_t54);
				}
				_push(_t125);
				_t126 = _a12;
				_v8 = 0;
				_v236 = _t122;
				_t57 = E0040CA50(_t83, _a8, _t126, _a16, _a20, _a24, _a28);
				_t131 = _t130 + 0x1c;
				 *((intOrPtr*)(_t122 + 4)) = _t57;
				while( *((intOrPtr*)(_t122 + 4)) == 0xffffffff) {
					_t76 = GetLastError();
					 *_a32 = _t76;
					if(_t76 == 0x20) {
						if(_t126 == 1) {
							_t126 = 3;
						}
						_t118 = _t118 + 1;
						E0041E730(0x32);
						_t80 = E0040CA50(_t83, _a8, _t126, _a16, _a20, _a24, _a28);
						_t131 = _t131 + 0x20;
						 *((intOrPtr*)(_t122 + 4)) = _t80;
						if(_t118 < 3) {
							continue;
						}
					}
					break;
				}
				if( *((intOrPtr*)(_t122 + 4)) != 0xffffffff) {
					_t123 = _v236;
				} else {
					_t61 = GetLastError();
					_t120 = _a36;
					_t140 = _t120;
					 *_a32 = _t61;
					if(_t120 != 0) {
						E00406110( &_v232, _t140);
						_v8 = 2;
						E00406D00( &_v232);
						 *((intOrPtr*)( *_t120 + 0x10))("Failed to open file (2)");
						 *((intOrPtr*)( *_t120 + 0x28))("filename", _t83);
						E00408BB0( &_v164, _t140);
						_v20 = 3;
						L00409FE0( &_v164, _t140);
						_t131 = _t131 + 4;
						 *((intOrPtr*)( *_t120 + 0x28))("currentWorkingDirectory", L004097D0( &_v164,  *_t120),  &_v164);
						 *((intOrPtr*)( *_t120 + 0x28))("osErrorInfo", E00446F00( &_v252));
						_v36 = 2;
						E00408C80( &_v180);
						_v36 = 0;
						E00406400( &_v260);
					}
					if(_t122 != 0) {
						 *((intOrPtr*)( *_t122))(1);
					}
					_t123 = 0;
				}
				_v8 = 0xffffffff;
				E00406400( &_v192);
				 *[fs:0x0] = _v16;
				return _t123;
			}
































                    0x0041ed60
                    0x0041ed60
                    0x0041ed62
                    0x0041ed6d
                    0x0041ed6e
                    0x0041ed8c
                    0x0041ed8e
                    0x0041ed93
                    0x0041ed95
                    0x0041eda2
                    0x0041eda9
                    0x0041edb9
                    0x0041edbb
                    0x0041edc0
                    0x0041edc3
                    0x0041edc9
                    0x0041edd1
                    0x0041edde
                    0x0041edde
                    0x0041edd3
                    0x0041edda
                    0x0041edda
                    0x0041edf5
                    0x0041edf6
                    0x0041ee12
                    0x0041ee1a
                    0x0041ee1e
                    0x0041ee23
                    0x0041ee26
                    0x0041ee29
                    0x0041ee2f
                    0x0041ee3f
                    0x0041ee41
                    0x0041ee46
                    0x0041ee48
                    0x0041ee48
                    0x0041ee4f
                    0x0041ee50
                    0x0041ee7f
                    0x0041ee84
                    0x0041ee8a
                    0x0041ee8d
                    0x00000000
                    0x00000000
                    0x0041ee8d
                    0x00000000
                    0x0041ee41
                    0x0041ee96
                    0x0041ef69
                    0x0041ee9c
                    0x0041ee9c
                    0x0041eea9
                    0x0041eeb0
                    0x0041eeb2
                    0x0041eeb4
                    0x0041eebe
                    0x0041eec7
                    0x0041eecf
                    0x0041eedd
                    0x0041eeea
                    0x0041eef1
                    0x0041eefa
                    0x0041ef03
                    0x0041ef0a
                    0x0041ef1e
                    0x0041ef34
                    0x0041ef3b
                    0x0041ef43
                    0x0041ef4c
                    0x0041ef54
                    0x0041ef54
                    0x0041ef5b
                    0x0041ef63
                    0x0041ef63
                    0x0041ef65
                    0x0041ef65
                    0x0041ef71
                    0x0041ef7c
                    0x0041ef8d
                    0x0041ef9a

                    APIs
                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 0041EE2F
                    • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 0041EE9C
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: ErrorLast
                    • String ID: Failed to open file (2)$currentWorkingDirectory$filename$osErrorInfo
                    • API String ID: 1452528299-4023636599
                    • Opcode ID: 5b0007f7a49479989769fd7d2f76ac0a184f2b35d3235816421476c3061b6d3c
                    • Instruction ID: 06aff772ddff44c7a4771eb68da82ab892d743480d81026f7ff03922b39d96f9
                    • Opcode Fuzzy Hash: 5b0007f7a49479989769fd7d2f76ac0a184f2b35d3235816421476c3061b6d3c
                    • Instruction Fuzzy Hash: DB51B2746043819FD334DB21C881BEFB3A5AF88704F00491EF99A473C2DB389845CBA6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004326A6 Relevance: 9.1, APIs: 6, Instructions: 143COMMON
                    Download Yara Rule
                    C-Code - Quality: 82%
                    			E004326A6(int _a4, short* _a8, int _a12, short* _a16, int _a20, int _a24) {
				signed int _v8;
				intOrPtr _v20;
				short* _v28;
				short _v32;
				int _v36;
				short* _v40;
				int _v44;
				char* _v48;
				void* _v60;
				int _t47;
				int _t48;
				int _t60;
				int _t63;
				short* _t70;
				void* _t71;
				int _t80;
				signed short* _t81;
				int _t82;
				intOrPtr _t83;
				char* _t84;
				short* _t86;

				_push(0xffffffff);
				_push(0x455788);
				_push(E0042D474);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t83;
				_t84 = _t83 - 0x1c;
				_v28 = _t84;
				_t47 =  *0x473bdc; // 0x0
				if(_t47 != 0) {
					L6:
					if(_t47 != 1) {
						if(_t47 != 2) {
							goto L22;
						} else {
							if(_a20 == 0) {
								_t63 =  *0x473aac; // 0x0
								_a20 = _t63;
							}
							_t80 = WideCharToMultiByte(_a20, 0x220, _a8, _a12, 0, 0, 0, 0);
							_v44 = _t80;
							if(_t80 == 0) {
								goto L22;
							} else {
								_v8 = 0;
								E00429440(_t49 + 0x00000003 & 0x000000fc, _t71);
								_v28 = _t84;
								_v48 = _t84;
								E00428C60(_t84, 0, _t80);
								_t86 = _t84 + 0xc;
								_v8 = _v8 | 0xffffffff;
								if(_v48 == 0 || WideCharToMultiByte(_a20, 0x220, _a8, _a12, _v48, _t80, 0, 0) == 0) {
									goto L22;
								} else {
									_v8 = 1;
									_t26 = _t80 + 2; // 0x2
									E00429440(_t80 + _t26 + 0x00000003 & 0x000000fc, _t71);
									_v28 = _t86;
									_t70 = _t86;
									_v40 = _t70;
									_v8 = _v8 | 0xffffffff;
									if(_t70 == 0) {
										goto L22;
									} else {
										_t60 = _a24;
										if(_t60 == 0) {
											_t60 =  *0x473a9c; // 0x0
										}
										_t77 = _a12 + _a12;
										_t81 = _a12 + _a12 + _t70;
										 *_t81 =  *_t81 | 0x0000ffff;
										 *(_t81 - 2) =  *(_t81 - 2) | 0x0000ffff;
										_v36 = GetStringTypeA(_t60, _a4, _v48, _v44, _t70);
										if( *(_t81 - 2) == 0xffff ||  *_t81 != 0xffff) {
											goto L22;
										} else {
											L00429CD0(_a16, _t70, _t77);
											_t48 = _v36;
										}
									}
								}
							}
						}
					} else {
						_t48 = GetStringTypeW(_a4, _a8, _a12, _a16);
					}
				} else {
					_push( &_v32);
					_t82 = 1;
					if(GetStringTypeW(_t82, 0x455634, _t82, ??) == 0) {
						if(GetStringTypeA(0, _t82, 0x455630, _t82,  &_v32) == 0) {
							L22:
							_t48 = 0;
						} else {
							_t47 = 2;
							goto L5;
						}
					} else {
						_t47 = _t82;
						L5:
						 *0x473bdc = _t47;
						goto L6;
					}
				}
				 *[fs:0x0] = _v20;
				return _t48;
			}
























                    0x004326a9
                    0x004326ab
                    0x004326b0
                    0x004326bb
                    0x004326bc
                    0x004326c3
                    0x004326c9
                    0x004326cc
                    0x004326d5
                    0x00432715
                    0x00432718
                    0x00432734
                    0x00000000
                    0x0043273a
                    0x0043273d
                    0x0043273f
                    0x00432744
                    0x00432744
                    0x0043275f
                    0x00432761
                    0x00432766
                    0x00000000
                    0x0043276c
                    0x0043276c
                    0x00432774
                    0x00432779
                    0x0043277e
                    0x00432784
                    0x00432789
                    0x0043278c
                    0x004327a8
                    0x00000000
                    0x004327d0
                    0x004327d0
                    0x004327d7
                    0x004327e0
                    0x004327e5
                    0x004327e8
                    0x004327ea
                    0x004327fa
                    0x00432800
                    0x00000000
                    0x00432802
                    0x00432802
                    0x00432807
                    0x00432809
                    0x00432809
                    0x00432811
                    0x00432814
                    0x00432817
                    0x0043281c
                    0x00432833
                    0x0043283c
                    0x00000000
                    0x00432845
                    0x0043284a
                    0x00432852
                    0x00432852
                    0x0043283c
                    0x00432800
                    0x004327a8
                    0x00432766
                    0x0043271a
                    0x00432726
                    0x00432726
                    0x004326d7
                    0x004326da
                    0x004326dd
                    0x004326ed
                    0x00432707
                    0x00432857
                    0x00432857
                    0x0043270d
                    0x0043270f
                    0x00000000
                    0x0043270f
                    0x004326ef
                    0x004326ef
                    0x00432710
                    0x00432710
                    0x00000000
                    0x00432710
                    0x004326ed
                    0x0043285f
                    0x0043286a

                    APIs
                    • GetStringTypeW.KERNEL32(00000001,00455634,00000001,?,?,?,?), ref: 004326E5
                    • GetStringTypeA.KERNEL32(00000000,00000001,00455630,00000001,?), ref: 004326FF
                    • GetStringTypeW.KERNEL32(00000100,?,?,?,?,?,?), ref: 00432726
                    • WideCharToMultiByte.KERNEL32(FFFFFFFF,00000220,?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00432759
                    • WideCharToMultiByte.KERNEL32(FFFFFFFF,00000220,?,?,00000000,00000000,00000000,00000000), ref: 004327C2
                    • GetStringTypeA.KERNEL32(?,00000100,?,?), ref: 0043282D
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: StringType$ByteCharMultiWide
                    • String ID:
                    • API String ID: 3852931651-0
                    • Opcode ID: 7a52a869baa545768cf5a34047ac0df54591020f7ea7a127c0670dd69d9498f5
                    • Instruction ID: 32f58788bc3fbc6141b4369d6b8bc7c0b4019f04d1ee6eb6cb1a9a13d6927c53
                    • Opcode Fuzzy Hash: 7a52a869baa545768cf5a34047ac0df54591020f7ea7a127c0670dd69d9498f5
                    • Instruction Fuzzy Hash: 1F51A03190024AEBCF219F55CC49EEF7FB4FF49714F20811AF514A2290D3749952DBA8
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0042E3B2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 51COMMON
                    Download Yara Rule
                    C-Code - Quality: 64%
                    			E0042E3B2() {
				int _t41;
				int _t51;
				short* _t53;
				void* _t54;
				int _t59;
				void* _t60;
				short* _t62;

				_t62 =  *(_t60 - 0x18);
				 *(_t60 - 0x24) = 0;
				 *(_t60 - 4) =  *(_t60 - 4) | 0xffffffff;
				_t51 =  *(_t60 - 0x1c);
				if( *(_t60 - 0x24) == 0 || MultiByteToWideChar( *(_t60 + 0x20), 1,  *(_t60 + 0x10),  *(_t60 + 0x14),  *(_t60 - 0x24), _t51) == 0) {
					L8:
					_t41 = 0;
				} else {
					_t59 = LCMapStringW( *(_t60 + 8),  *(_t60 + 0xc),  *(_t60 - 0x24), _t51, 0, 0);
					 *(_t60 - 0x28) = _t59;
					if(_t59 == 0) {
						goto L8;
					} else {
						if(( *(_t60 + 0xd) & 0x00000004) == 0) {
							 *(_t60 - 4) = 1;
							E00429440(_t59 + _t59 + 0x00000003 & 0x000000fc, _t54);
							 *(_t60 - 0x18) = _t62;
							_t53 = _t62;
							 *(_t60 - 0x20) = _t53;
							 *(_t60 - 4) =  *(_t60 - 4) | 0xffffffff;
							if(_t53 == 0 || LCMapStringW( *(_t60 + 8),  *(_t60 + 0xc),  *(_t60 - 0x24),  *(_t60 - 0x1c), _t53, _t59) == 0) {
								goto L8;
							} else {
								_push(0);
								_push(0);
								if( *(_t60 + 0x1c) != 0) {
									_push( *(_t60 + 0x1c));
									_t39 = _t60 + 0x18; // 0x432254
									_push( *_t39);
								} else {
									_push(0);
									_push(0);
								}
								_t59 = WideCharToMultiByte( *(_t60 + 0x20), 0x220, _t53, _t59, ??, ??, ??, ??);
								if(_t59 == 0) {
									goto L8;
								} else {
									goto L17;
								}
							}
						} else {
							if( *(_t60 + 0x1c) == 0) {
								L17:
								_t41 = _t59;
							} else {
								if(_t59 >  *(_t60 + 0x1c)) {
									goto L8;
								} else {
									_t21 = _t60 + 0x18; // 0x432254
									if(LCMapStringW( *(_t60 + 8),  *(_t60 + 0xc),  *(_t60 - 0x24), _t51,  *_t21,  *(_t60 + 0x1c)) != 0) {
										goto L17;
									} else {
										goto L8;
									}
								}
							}
						}
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t60 - 0x10));
				return _t41;
			}










                    0x0042e3b2
                    0x0042e3b7
                    0x0042e3ba
                    0x0042e3be
                    0x0042e3c4
                    0x0042e42c
                    0x0042e42c
                    0x0042e3df
                    0x0042e3f1
                    0x0042e3f3
                    0x0042e3f8
                    0x00000000
                    0x0042e3fa
                    0x0042e3fe
                    0x0042e440
                    0x0042e44f
                    0x0042e454
                    0x0042e457
                    0x0042e459
                    0x0042e45c
                    0x0042e476
                    0x00000000
                    0x0042e490
                    0x0042e493
                    0x0042e494
                    0x0042e495
                    0x0042e49b
                    0x0042e49e
                    0x0042e49e
                    0x0042e497
                    0x0042e497
                    0x0042e498
                    0x0042e498
                    0x0042e4b1
                    0x0042e4b5
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042e4b5
                    0x0042e400
                    0x0042e403
                    0x0042e4bb
                    0x0042e4bb
                    0x0042e409
                    0x0042e40c
                    0x00000000
                    0x0042e40e
                    0x0042e411
                    0x0042e426
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042e426
                    0x0042e40c
                    0x0042e403
                    0x0042e3fe
                    0x0042e3f8
                    0x0042e434
                    0x0042e43f

                    APIs
                    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00200020,?,00000000,?,00432254,00200020,00000000,?,00000000), ref: 0042E3D5
                    • LCMapStringW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,00432254,00200020,00000000,?,00000000), ref: 0042E3EB
                    • LCMapStringW.KERNEL32(?,?,?,00000000,T"C ,?,?,00432254,00200020,00000000,?,00000000), ref: 0042E41E
                    • LCMapStringW.KERNEL32(00000000,?,?,?,?,00000000,?,00432254,00200020,00000000,?,00000000), ref: 0042E486
                    • WideCharToMultiByte.KERNEL32(?,00000220,?,00000000,T"C ,?,00000000,00000000,?,00000000,?,00432254,00200020,00000000,?,00000000), ref: 0042E4AB
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: String$ByteCharMultiWide
                    • String ID: T"C $pYqt
                    • API String ID: 352835431-1576323800
                    • Opcode ID: 8f048ae39f69d5b3ff6180955f493ec1833d74fce0c05c0c1e35028c81d588a7
                    • Instruction ID: 7c06272c5c548abf6c58dcd85905307948135404219045800281490d4edf295b
                    • Opcode Fuzzy Hash: 8f048ae39f69d5b3ff6180955f493ec1833d74fce0c05c0c1e35028c81d588a7
                    • Instruction Fuzzy Hash: E8116A32A00259EBCF229F95DC00ADFBFB6FB48750F108156FA10622A1C3369D61DB54
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0042D0ED Relevance: 7.6, APIs: 5, Instructions: 143COMMON
                    Download Yara Rule
                    C-Code - Quality: 98%
                    			E0042D0ED() {
				signed int* _t35;
				signed int* _t37;
				long _t42;
				signed int _t44;
				signed int _t45;
				int* _t46;
				void* _t48;
				void** _t52;
				signed int* _t54;
				signed int _t57;
				void** _t58;
				signed char _t60;
				signed int* _t66;
				void* _t69;
				signed int _t70;
				signed int** _t71;
				signed int* _t72;
				void** _t73;
				int _t74;
				int* _t75;
				void* _t76;

				_t72 = E0042AC3F(0x100);
				if(_t72 == 0) {
					L004295EA(0x1b);
				}
				 *0x476780 = _t72;
				 *0x476880 = 0x20;
				_t1 =  &(_t72[0x40]); // 0x100
				_t35 = _t1;
				while(_t72 < _t35) {
					_t72[1] = _t72[1] & 0x00000000;
					 *_t72 =  *_t72 | 0xffffffff;
					_t72[1] = 0xa;
					_t72 =  &(_t72[2]);
					_t35 =  &(( *0x476780)[0x40]);
				}
				GetStartupInfoA(_t76 + 0x10);
				if( *((short*)(_t76 + 0x42)) == 0) {
					L25:
					_t57 = 0;
					do {
						_t37 =  *0x476780;
						_t73 = _t37 + _t57 * 8;
						if( *(_t37 + _t57 * 8) != 0xffffffff) {
							_t73[1] = _t73[1] | 0x00000080;
							goto L37;
						}
						_t73[1] = 0x81;
						if(_t57 != 0) {
							asm("sbb eax, eax");
							_t42 =  ~(_t57 - 1) + 0xfffffff5;
						} else {
							_t42 = 0xfffffff6;
						}
						_t69 = GetStdHandle(_t42);
						if(_t69 == 0xffffffff) {
							L33:
							_t73[1] = _t73[1] | 0x00000040;
						} else {
							_t44 = GetFileType(_t69);
							if(_t44 == 0) {
								goto L33;
							}
							_t45 = _t44 & 0x000000ff;
							 *_t73 = _t69;
							if(_t45 != 2) {
								if(_t45 == 3) {
									_t73[1] = _t73[1] | 0x00000008;
								}
								goto L37;
							}
							goto L33;
						}
						L37:
						_t57 = _t57 + 1;
					} while (_t57 < 3);
					return SetHandleCount( *0x476880);
				}
				_t46 =  *(_t76 + 0x44);
				if(_t46 == 0) {
					goto L25;
				}
				_t74 =  *_t46;
				_t75 =  &(_t46[1]);
				_t58 = _t75 + _t74;
				if(_t74 >= 0x800) {
					_t74 = 0x800;
				}
				if( *0x476880 >= _t74) {
					L18:
					_t70 = 0;
					if(_t74 <= 0) {
						goto L25;
					} else {
						goto L19;
					}
					do {
						L19:
						_t48 =  *_t58;
						if(_t48 != 0xffffffff) {
							_t60 =  *_t75;
							if((_t60 & 0x00000001) != 0 && ((_t60 & 0x00000008) != 0 || GetFileType(_t48) != 0)) {
								_t52 = 0x476780[_t70 >> 5] + (_t70 & 0x0000001f) * 8;
								 *_t52 =  *_t58;
								_t52[1] =  *_t75;
							}
						}
						_t70 = _t70 + 1;
						_t75 =  &(_t75[0]);
						_t58 =  &(_t58[1]);
					} while (_t70 < _t74);
					goto L25;
				} else {
					_t71 = 0x476784;
					while(1) {
						_t54 = E0042AC3F(0x100);
						if(_t54 == 0) {
							break;
						}
						 *0x476880 =  *0x476880 + 0x20;
						 *_t71 = _t54;
						_t10 =  &(_t54[0x40]); // 0x100
						_t66 = _t10;
						while(_t54 < _t66) {
							_t54[1] = _t54[1] & 0x00000000;
							 *_t54 =  *_t54 | 0xffffffff;
							_t54[1] = 0xa;
							_t54 =  &(_t54[2]);
							_t66 =  &(( *_t71)[0x40]);
						}
						_t71 =  &(_t71[1]);
						if( *0x476880 < _t74) {
							continue;
						}
						goto L18;
					}
					_t74 =  *0x476880;
					goto L18;
				}
			}
























                    0x0042d0fe
                    0x0042d103
                    0x0042d107
                    0x0042d10c
                    0x0042d10d
                    0x0042d113
                    0x0042d11d
                    0x0042d11d
                    0x0042d123
                    0x0042d127
                    0x0042d12b
                    0x0042d12e
                    0x0042d137
                    0x0042d13a
                    0x0042d13a
                    0x0042d146
                    0x0042d152
                    0x0042d21d
                    0x0042d21d
                    0x0042d21f
                    0x0042d21f
                    0x0042d228
                    0x0042d22b
                    0x0042d27a
                    0x00000000
                    0x0042d27a
                    0x0042d22f
                    0x0042d233
                    0x0042d23f
                    0x0042d241
                    0x0042d235
                    0x0042d237
                    0x0042d237
                    0x0042d24b
                    0x0042d250
                    0x0042d269
                    0x0042d269
                    0x0042d252
                    0x0042d253
                    0x0042d25b
                    0x00000000
                    0x00000000
                    0x0042d25d
                    0x0042d262
                    0x0042d267
                    0x0042d272
                    0x0042d274
                    0x0042d274
                    0x00000000
                    0x0042d272
                    0x00000000
                    0x0042d267
                    0x0042d27e
                    0x0042d27e
                    0x0042d27f
                    0x0042d297
                    0x0042d297
                    0x0042d158
                    0x0042d15e
                    0x00000000
                    0x00000000
                    0x0042d164
                    0x0042d166
                    0x0042d170
                    0x0042d173
                    0x0042d175
                    0x0042d175
                    0x0042d17d
                    0x0042d1d1
                    0x0042d1d1
                    0x0042d1d5
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042d1d7
                    0x0042d1d7
                    0x0042d1d7
                    0x0042d1dc
                    0x0042d1de
                    0x0042d1e4
                    0x0042d207
                    0x0042d20c
                    0x0042d211
                    0x0042d211
                    0x0042d1e4
                    0x0042d214
                    0x0042d215
                    0x0042d216
                    0x0042d219
                    0x00000000
                    0x0042d17f
                    0x0042d17f
                    0x0042d184
                    0x0042d189
                    0x0042d191
                    0x00000000
                    0x00000000
                    0x0042d193
                    0x0042d19a
                    0x0042d19c
                    0x0042d19c
                    0x0042d1a2
                    0x0042d1a6
                    0x0042d1aa
                    0x0042d1ad
                    0x0042d1b3
                    0x0042d1b6
                    0x0042d1b6
                    0x0042d1be
                    0x0042d1c7
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042d1c9
                    0x0042d1cb
                    0x00000000
                    0x0042d1cb

                    APIs
                    • GetStartupInfoA.KERNEL32(?), ref: 0042D146
                    • GetFileType.KERNEL32(00000800), ref: 0042D1EC
                    • GetStdHandle.KERNEL32(-000000F6), ref: 0042D245
                    • GetFileType.KERNEL32(00000000), ref: 0042D253
                    • SetHandleCount.KERNEL32 ref: 0042D28A
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: FileHandleType$CountInfoStartup
                    • String ID:
                    • API String ID: 1710529072-0
                    • Opcode ID: 2a9bca985f0f83abb695eec6714d6ab89694787fa1885fa8be0d2e9b91193ffa
                    • Instruction ID: 0d4ab9d00deda7ea0c996840ac70bc8c4f784688f5e0523b25f30c1accac9768
                    • Opcode Fuzzy Hash: 2a9bca985f0f83abb695eec6714d6ab89694787fa1885fa8be0d2e9b91193ffa
                    • Instruction Fuzzy Hash: B8516C31F04761CBD7249B28EC447627BD0FB15364F9A43AAD4AACB2E1C738C885C769
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0040118D Relevance: 7.6, APIs: 5, Instructions: 55windowCOMMON
                    Download Yara Rule
                    C-Code - Quality: 85%
                    			E0040118D(void* __eflags, void* __fp0, intOrPtr _a4) {
				signed int _v4;
				intOrPtr _v8;
				intOrPtr _t5;
				intOrPtr _t6;
				struct HWND__* _t8;
				struct HWND__* _t9;
				long _t11;
				int _t16;
				void* _t20;
				void* _t22;

				_t5 =  *0x4726f8; // 0x36c6e6f
				_v4 = _v4 & 0x00000000;
				_t6 = _t5 + _a4;
				_v8 = _t6;
				asm("fild qword [esp+0x10]");
				asm("fild qword [0x4726f0]");
				 *0x4726f8 = _t6;
				asm("fdivp st1, st0");
				_t16 = E00428DB8();
				_t8 =  *0x472708; // 0x0
				if(_t8 != 0) {
					_t20 = _t16 -  *0x472700; // 0x0
					if(_t20 > 0) {
						SendMessageA(GetDlgItem(_t8, 0x3f0), 0x402, _t16, 0);
						 *0x472700 = _t16;
					}
				}
				_t9 =  *0x47270c; // 0x0
				if(_t9 == 0) {
					L6:
					return _t9;
				} else {
					_t22 = _t16 -  *0x472700; // 0x0
					if(_t22 <= 0) {
						goto L6;
					}
					_t11 = SendMessageA(GetDlgItem(_t9, 0x3f0), 0x402, _t16, 0);
					 *0x472700 = _t16;
					return _t11;
				}
			}













                    0x0040118f
                    0x00401194
                    0x00401199
                    0x004011a0
                    0x004011a5
                    0x004011a9
                    0x004011af
                    0x004011b4
                    0x004011cd
                    0x004011cf
                    0x004011db
                    0x004011dd
                    0x004011e3
                    0x004011f2
                    0x004011f4
                    0x004011f4
                    0x004011e3
                    0x004011fa
                    0x00401201
                    0x00401226
                    0x00401226
                    0x00401203
                    0x00401203
                    0x00401209
                    0x00000000
                    0x00000000
                    0x00401218
                    0x0040121a
                    0x00000000
                    0x0040121a

                    APIs
                    • __ftol.LIBCMT ref: 004011BC
                    • GetDlgItem.USER32 ref: 004011EB
                    • SendMessageA.USER32(00000000,00000402,00000000,00000000), ref: 004011F2
                    • GetDlgItem.USER32 ref: 00401211
                    • SendMessageA.USER32(00000000,00000402,00000000,00000000), ref: 00401218
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: ItemMessageSend$__ftol
                    • String ID:
                    • API String ID: 3531592567-0
                    • Opcode ID: 7d5c3ed103441be8d04b1629c4f0e18bba176d8f80a9384f0df9edfc7c57ebc7
                    • Instruction ID: c63c4088b09334feb189ad72f32467e9db68e97f6153afe0c95a4cc1245934e1
                    • Opcode Fuzzy Hash: 7d5c3ed103441be8d04b1629c4f0e18bba176d8f80a9384f0df9edfc7c57ebc7
                    • Instruction Fuzzy Hash: 0311C871A40301ABD724AB56FE45F5B77ECF748761F01483AF618F32A0CAB4A844876C
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0043A6E5 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 189COMMON
                    Download Yara Rule
                    C-Code - Quality: 93%
                    			E0043A6E5(void* __ecx, void* __edx, void* __eflags) {
				signed char _t95;
				signed char _t103;
				signed int _t108;
				signed char _t110;
				signed int _t118;
				signed char _t122;
				void* _t125;
				void* _t126;
				signed char _t134;
				signed int _t138;
				signed int _t139;
				void* _t141;
				void* _t182;
				void* _t185;
				intOrPtr _t187;

				_t141 = __ecx;
				E004291C0(E004504AC, _t185);
				E00429440(0x87a0, __ecx, __ecx);
				_t138 =  *(_t185 + 8);
				 *((intOrPtr*)(_t185 - 0x10)) = _t187;
				_t182 = _t141;
				 *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x10)))) = 0;
				if(_t138 != 0) {
					E00408BB0(_t185 - 0x1d0, __eflags);
					 *(_t185 - 4) = 0;
					E00408E00(_t185 - 0x1d0, _t138);
					 *(_t185 + 0xb) = 1;
					L0041F650(_t185 - 0x1c);
					 *(_t185 - 4) = 1;
					E004241A0(_t185 - 0x148, __eflags);
					_push(0);
					 *(_t185 - 4) = 2;
					_t95 = E004242B0(_t185 - 0x148, __edx, _t138);
					__eflags = _t95;
					if(_t95 == 0) {
						L8:
						E00408650(_t185 - 0xd8);
						 *(_t185 - 4) = 3;
						E0040D180(_t185 - 0x40, __eflags);
						 *(_t185 - 0xbc) =  *(_t185 - 0xbc) & 0x00000000;
						__eflags =  *(_t185 + 0xb);
						 *(_t185 - 4) = 4;
						if( *(_t185 + 0xb) != 0) {
							__eflags = E0040D4B0(_t185 - 0x40, _t185, _t138,  *((intOrPtr*)(_t185 + 0x14)));
							if(__eflags != 0) {
								goto L10;
							}
							_t139 = 0;
							goto L23;
						} else {
							E004082E0(_t185 - 0xd8, _t185 - 0x1c);
							L10:
							E0043C086(_t185 - 0x87b0, __eflags);
							 *(_t185 - 4) = 5;
							L00445E60(_t185 - 0x78);
							 *(_t185 - 4) = 6;
							E00446A40(_t185 - 0x78, 1);
							E00446340(_t185 - 0x78,  *((intOrPtr*)(_t185 + 0xc)));
							_t103 =  *(_t182 + 0x40);
							__eflags = _t103;
							if(_t103 != 0) {
								E00446AB0(_t185 - 0x78, _t103);
							}
							E0043C26D(_t185 - 0x87b0, _t185 - 0x78);
							__eflags =  *(_t185 + 0xb);
							 *(_t185 - 4) = 7;
							if( *(_t185 + 0xb) == 0) {
								 *(_t185 + 8) = 0;
								_t108 = E0043C2E5(_t185 - 0x87b0, _t185 - 0xd8, 0x32, _t185 + 8,  *((intOrPtr*)(_t185 + 0x14)), 0);
								_t156 =  *(_t182 + 0x40);
								_t139 = _t108;
								__eflags =  *(_t182 + 0x40);
								if( *(_t182 + 0x40) != 0) {
									_t122 = L00423D30(_t156);
									__eflags = _t122;
									if(_t122 != 0) {
										 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x14)))) + 0x10))("Inflate aborted by application.");
										_t139 = 0;
										__eflags = 0;
									}
								}
								E0041F6C0(_t185 - 0x1c);
							} else {
								_t125 = E0040CE40(_t185 - 0x40);
								_t126 = E00446F00(_t185 - 0x40);
								_push( *((intOrPtr*)(_t185 + 0x18)));
								_push( *((intOrPtr*)(_t185 + 0x14)));
								_push(0x1e);
								_push(_t125);
								_push(_t126);
								E0043C27E(_t185 - 0x87b0);
								__eflags =  *((char*)(_t185 - 0x1d4));
								_t139 = _t138 & 0xffffff00 |  *((char*)(_t185 - 0x1d4)) == 0x00000000;
							}
							 *(_t185 - 4) = 6;
							_t110 = L00423D30(_t185 - 0x78);
							__eflags = _t110;
							if(_t110 == 0) {
								__eflags = _t139;
								if(_t139 != 0) {
									 *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x10)))) = E00446AA0(_t185 - 0x78);
								}
							} else {
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x14)))) + 0x10))("Inflate failed to write to output file");
								_t139 = 0;
								__eflags = 0;
							}
							 *(_t185 - 4) = 5;
							L00445EA0(_t185 - 0x78);
							 *(_t185 - 4) = 4;
							E0043C1F5(_t185 - 0x87b0);
							L23:
							 *(_t185 - 4) = 3;
							L0040D850(_t185 - 0x40);
							 *(_t185 - 4) = 2;
							E004086C0(_t185 - 0xd8);
							 *(_t185 - 4) = 1;
							E00424250(_t185 - 0x148, __eflags);
							 *(_t185 - 4) =  *(_t185 - 4) & 0x00000000;
							L0041F700(_t185 - 0x1c);
							_t80 = _t185 - 4;
							 *_t80 =  *(_t185 - 4) | 0xffffffff;
							__eflags =  *_t80;
							E00408C80(_t185 - 0x1d0);
							_t118 = _t139;
							goto L24;
						}
					}
					__eflags =  *(_t185 - 0xfc);
					if(__eflags < 0) {
						goto L8;
					}
					if(__eflags > 0) {
						L6:
						_t134 = E0040C900(_t185 - 0x1c, _t185 - 0x1d0, _t185 - 0x20, 0);
						__eflags = _t134;
						if(_t134 != 0) {
							_t20 = _t185 + 0xb;
							 *_t20 =  *(_t185 + 0xb) & 0x00000000;
							__eflags =  *_t20;
						}
						goto L8;
					}
					__eflags =  *((intOrPtr*)(_t185 - 0x100)) - 0x3d0900;
					if( *((intOrPtr*)(_t185 - 0x100)) <= 0x3d0900) {
						goto L8;
					}
					goto L6;
				} else {
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x14)))) + 0x10))("Inflate failed: no input filename");
					_t118 = 0;
					L24:
					 *[fs:0x0] =  *((intOrPtr*)(_t185 - 0xc));
					return _t118;
				}
			}


















                    0x0043a6e5
                    0x0043a6ea
                    0x0043a6f5
                    0x0043a6fe
                    0x0043a707
                    0x0043a70a
                    0x0043a70c
                    0x0043a70e
                    0x0043a72a
                    0x0043a736
                    0x0043a739
                    0x0043a741
                    0x0043a745
                    0x0043a750
                    0x0043a754
                    0x0043a759
                    0x0043a761
                    0x0043a765
                    0x0043a76a
                    0x0043a76c
                    0x0043a7a4
                    0x0043a7aa
                    0x0043a7b2
                    0x0043a7b6
                    0x0043a7bb
                    0x0043a7c2
                    0x0043a7c6
                    0x0043a7ca
                    0x0043a877
                    0x0043a879
                    0x00000000
                    0x00000000
                    0x0043a87f
                    0x00000000
                    0x0043a7d0
                    0x0043a7da
                    0x0043a7df
                    0x0043a7e5
                    0x0043a7ed
                    0x0043a7f1
                    0x0043a7fb
                    0x0043a7ff
                    0x0043a80a
                    0x0043a80f
                    0x0043a812
                    0x0043a814
                    0x0043a81a
                    0x0043a81a
                    0x0043a829
                    0x0043a82e
                    0x0043a832
                    0x0043a836
                    0x0043a893
                    0x0043a8a0
                    0x0043a8a5
                    0x0043a8a8
                    0x0043a8aa
                    0x0043a8ac
                    0x0043a8ae
                    0x0043a8b3
                    0x0043a8b5
                    0x0043a8c1
                    0x0043a8c4
                    0x0043a8c4
                    0x0043a8c4
                    0x0043a8b5
                    0x0043a8c9
                    0x0043a838
                    0x0043a83b
                    0x0043a845
                    0x0043a84a
                    0x0043a853
                    0x0043a856
                    0x0043a858
                    0x0043a859
                    0x0043a85a
                    0x0043a85f
                    0x0043a866
                    0x0043a866
                    0x0043a8d1
                    0x0043a8d8
                    0x0043a8dd
                    0x0043a8df
                    0x0043a967
                    0x0043a969
                    0x0043a976
                    0x0043a976
                    0x0043a8e5
                    0x0043a8ef
                    0x0043a8f2
                    0x0043a8f2
                    0x0043a8f2
                    0x0043a8f7
                    0x0043a8fb
                    0x0043a906
                    0x0043a90a
                    0x0043a90f
                    0x0043a912
                    0x0043a916
                    0x0043a921
                    0x0043a925
                    0x0043a930
                    0x0043a934
                    0x0043a939
                    0x0043a940
                    0x0043a945
                    0x0043a945
                    0x0043a945
                    0x0043a94f
                    0x0043a954
                    0x00000000
                    0x0043a954
                    0x0043a7ca
                    0x0043a76e
                    0x0043a774
                    0x00000000
                    0x00000000
                    0x0043a776
                    0x0043a784
                    0x0043a794
                    0x0043a79c
                    0x0043a79e
                    0x0043a7a0
                    0x0043a7a0
                    0x0043a7a0
                    0x0043a7a0
                    0x00000000
                    0x0043a79e
                    0x0043a778
                    0x0043a782
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0043a710
                    0x0043a71a
                    0x0043a71d
                    0x0043a956
                    0x0043a95b
                    0x0043a964
                    0x0043a964

                    APIs
                    Strings
                    • Inflate failed to write to output file, xrefs: 0043A8E8
                    • Inflate failed: no input filename, xrefs: 0043A713
                    • Inflate aborted by application., xrefs: 0043A8BA
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID: Inflate aborted by application.$Inflate failed to write to output file$Inflate failed: no input filename
                    • API String ID: 3519838083-1776680609
                    • Opcode ID: cc5d323cd2d856404740c51ba3e6e9acb3c9ac82987ff851366aa1c9a6523700
                    • Instruction ID: 80ea1a8dd1b1107d4cfa795fc6b8edd0d070ff57c04b392684472cd179a85503
                    • Opcode Fuzzy Hash: cc5d323cd2d856404740c51ba3e6e9acb3c9ac82987ff851366aa1c9a6523700
                    • Instruction Fuzzy Hash: A9719030804258DADF15EFA1C895BEEBB74AF19308F54409EE44577282DB3C9B49CF2A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0040AD10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 109COMMON
                    Download Yara Rule
                    C-Code - Quality: 94%
                    			E0040AD10(void* __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16) {
				char _v4;
				intOrPtr _v12;
				char _v16;
				char _v164;
				char _v176;
				char _v300;
				char _v436;
				char _v440;
				char _v448;
				void* __ebp;
				signed int _t42;
				signed int _t47;
				signed int _t49;
				intOrPtr* _t73;
				signed int _t78;
				intOrPtr* _t81;
				intOrPtr* _t84;
				intOrPtr _t86;
				void* _t87;

				_t74 = __edx;
				_push(0xffffffff);
				_push(0x44ded1);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t86;
				_t87 = _t86 - 0x1a8;
				_t84 = _a12;
				_t81 = _a8;
				_t77 = _a4;
				 *_t84 = 0;
				 *_t81 = 0xffffffff;
				if(E00408CF0(_a4, __edx) != 0) {
					E00408BB0( &_v436, __eflags);
					_v4 = 0;
					L00409A00( &_v436, _t84, _t77);
					L00409D00( &_v440, _t84, __eflags, 0x2f, 0x5c);
					_t78 = E00408CF0( &_v448, _t74);
					E004252D0( &_v176);
					__eflags = _t78 - 0x104;
					_v16 = 1;
					if(_t78 >= 0x104) {
						L9:
						__eflags = _t78;
						if(__eflags <= 0) {
							 *_t81 = GetFileAttributesW(E00409030( &_v436, _t84));
						} else {
							E00408BB0( &_v300, __eflags);
							_v4 = 2;
							E0040A2C0( &_v436, _t84, __eflags,  &_v436,  &_v300);
							_t87 = _t87 + 8;
							 *_t81 = GetFileAttributesW(E00409030( &_v300, _t84));
							_v4 = 1;
							_t39 = E00408C80( &_v300);
						}
						__eflags =  *_t81 - 0xffffffff;
						if(__eflags == 0) {
							goto L13;
						}
					} else {
						_t47 = E004091A0( &_v436);
						__eflags = _t47;
						if(_t47 != 0) {
							L7:
							_t39 = E0040CA40(E004093B0( &_v436));
							_t87 = _t87 + 4;
							__eflags = _t39 - 0xffffffff;
							 *_t81 = _t39;
							if(_t39 == 0xffffffff) {
								L13:
								 *_t84 = GetLastError();
							}
							__eflags =  *_t81 - 0xffffffff;
						} else {
							_t49 = E00425320( &_v164);
							__eflags = _t49;
							if(_t49 == 0) {
								goto L9;
							} else {
								goto L7;
							}
						}
					}
					_v4 = 0;
					_t27 = __eflags != 0;
					__eflags = _t27;
					E00425310(_t39,  &_v164);
					_v4 = 0xffffffff;
					E00408C80( &_v436);
					_t42 = 0 | _t27;
				} else {
					_t73 = _a16;
					if(_t73 != 0) {
						 *((intOrPtr*)( *_t73 + 0x10))("GetAttributes: filename is empty");
					}
					_t42 = 0;
				}
				 *[fs:0x0] = _v12;
				return _t42;
			}






















                    0x0040ad10
                    0x0040ad16
                    0x0040ad18
                    0x0040ad1d
                    0x0040ad1e
                    0x0040ad25
                    0x0040ad2c
                    0x0040ad34
                    0x0040ad3c
                    0x0040ad43
                    0x0040ad4c
                    0x0040ad59
                    0x0040ad7c
                    0x0040ad86
                    0x0040ad91
                    0x0040ad9e
                    0x0040adb3
                    0x0040adb5
                    0x0040adbc
                    0x0040adc2
                    0x0040adc9
                    0x0040ae03
                    0x0040ae03
                    0x0040ae05
                    0x0040ae6a
                    0x0040ae07
                    0x0040ae0e
                    0x0040ae20
                    0x0040ae28
                    0x0040ae2d
                    0x0040ae4a
                    0x0040ae4c
                    0x0040ae53
                    0x0040ae53
                    0x0040ae6c
                    0x0040ae6f
                    0x00000000
                    0x00000000
                    0x0040adcb
                    0x0040adcf
                    0x0040add4
                    0x0040add6
                    0x0040ade8
                    0x0040adf2
                    0x0040adf7
                    0x0040adfa
                    0x0040adfd
                    0x0040adff
                    0x0040ae71
                    0x0040ae77
                    0x0040ae77
                    0x0040ae7a
                    0x0040add8
                    0x0040addf
                    0x0040ade4
                    0x0040ade6
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0040ade6
                    0x0040add6
                    0x0040ae84
                    0x0040ae8c
                    0x0040ae8c
                    0x0040ae8f
                    0x0040ae98
                    0x0040aea3
                    0x0040aea8
                    0x0040ad5b
                    0x0040ad5b
                    0x0040ad64
                    0x0040ad6d
                    0x0040ad6d
                    0x0040ad70
                    0x0040ad70
                    0x0040aeb5
                    0x0040aec2

                    APIs
                    • GetFileAttributesW.KERNEL32(00000000,00000000,00000000), ref: 0040AE3D
                    • GetFileAttributesW.KERNEL32(00000000,0000002F,0000005C), ref: 0040AE64
                    • GetLastError.KERNEL32 ref: 0040AE71
                    Strings
                    • GetAttributes: filename is empty, xrefs: 0040AD68
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: AttributesFile$ErrorLast
                    • String ID: GetAttributes: filename is empty
                    • API String ID: 365566950-3370875058
                    • Opcode ID: 9135e7fa3248effefe1a4eae2ab7cfcbe8ae9d357309e9ad0a2f9394914498bd
                    • Instruction ID: 83c76fcdcb18adc03c94c328e3b79c40896cc36e6ca31898bf664790eee522c6
                    • Opcode Fuzzy Hash: 9135e7fa3248effefe1a4eae2ab7cfcbe8ae9d357309e9ad0a2f9394914498bd
                    • Instruction Fuzzy Hash: A24190700487819BD724EF25C851BEEB3E4BFA4314F500A3EE4D6632D2EB399409CA5B
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0043AB0C Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 83COMMON
                    Download Yara Rule
                    C-Code - Quality: 71%
                    			E0043AB0C(void* __ecx, void* __eflags) {
				signed int _t40;
				signed int _t44;
				signed int _t48;
				intOrPtr _t49;
				void* _t58;
				intOrPtr* _t74;
				void* _t77;
				intOrPtr* _t78;
				void* _t80;

				_t58 = __ecx;
				E004291C0(E004504EB, _t80);
				E00429440(0x8618, __ecx);
				_t74 =  *((intOrPtr*)(_t80 + 0x14));
				_t77 = _t58;
				 *_t74 = 0;
				if( *((intOrPtr*)(_t80 + 8)) != 0) {
					E0043C086(_t80 - 0x8624, __eflags);
					 *(_t80 - 4) = 0;
					L00445E60(_t80 - 0x44);
					_push(1);
					_pop(0);
					 *(_t80 - 4) = 0;
					E00446A40(_t80 - 0x44, 0);
					E00446340(_t80 - 0x44,  *((intOrPtr*)(_t80 + 0x10)));
					_t40 =  *(_t77 + 0x40);
					__eflags = _t40;
					if(_t40 != 0) {
						E00446AB0(_t80 - 0x44, _t40);
					}
					E0043C26D(_t80 - 0x8624, _t80 - 0x44);
					_push( *((intOrPtr*)(_t80 + 0x1c)));
					_t78 =  *((intOrPtr*)(_t80 + 0x18));
					_push(_t78);
					_push(0x20);
					_push( *((intOrPtr*)(_t80 + 0xc)));
					_push( *((intOrPtr*)(_t80 + 8)));
					E0043C27E(_t80 - 0x8624);
					__eflags =  *((char*)(_t80 - 0x48));
					if( *((char*)(_t80 - 0x48)) == 0) {
						_t44 = L00423D30(_t80 - 0x44);
						__eflags = _t44;
						if(_t44 == 0) {
							 *_t74 = E00446AA0(_t80 - 0x44);
						} else {
							_t49 =  *_t78;
							_push("Sink write failed.");
							goto L6;
						}
					} else {
						_t49 =  *_t78;
						_push("Internal error in huffman decoding.");
						L6:
						 *((intOrPtr*)(_t49 + 0x10))();
					}
					 *(_t80 - 4) =  *(_t80 - 4) & 0x00000000;
					L00445EA0(_t80 - 0x44);
					_t28 = _t80 - 4;
					 *_t28 =  *(_t80 - 4) | 0xffffffff;
					__eflags =  *_t28;
					E0043C1F5(_t80 - 0x8624);
					_t48 = 0;
				} else {
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t80 + 0x18)))) + 0x10))("No input data");
					_t48 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t80 - 0xc));
				return _t48;
			}












                    0x0043ab0c
                    0x0043ab11
                    0x0043ab1b
                    0x0043ab23
                    0x0043ab28
                    0x0043ab2d
                    0x0043ab2f
                    0x0043ab4b
                    0x0043ab53
                    0x0043ab56
                    0x0043ab5b
                    0x0043ab60
                    0x0043ab62
                    0x0043ab65
                    0x0043ab70
                    0x0043ab75
                    0x0043ab78
                    0x0043ab7a
                    0x0043ab80
                    0x0043ab80
                    0x0043ab8f
                    0x0043ab94
                    0x0043ab97
                    0x0043aba0
                    0x0043aba1
                    0x0043aba3
                    0x0043aba6
                    0x0043aba9
                    0x0043abae
                    0x0043abb2
                    0x0043abc7
                    0x0043abcc
                    0x0043abce
                    0x0043abe1
                    0x0043abd0
                    0x0043abd0
                    0x0043abd2
                    0x00000000
                    0x0043abd2
                    0x0043abb4
                    0x0043abb4
                    0x0043abb6
                    0x0043abbb
                    0x0043abbd
                    0x0043abc0
                    0x0043abe3
                    0x0043abea
                    0x0043abef
                    0x0043abef
                    0x0043abef
                    0x0043abf9
                    0x0043abfe
                    0x0043ab31
                    0x0043ab3b
                    0x0043ab3e
                    0x0043ab3e
                    0x0043ac06
                    0x0043ac0e

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID: Internal error in huffman decoding.$No input data$Sink write failed.
                    • API String ID: 3519838083-2070250178
                    • Opcode ID: af286cf42393dbf7c928ecc4208f88f20a1b0134fe3c64506c89e0d43901a489
                    • Instruction ID: e7a13f0bc50034d6fd58fe1f98e3a62fe033e3fabdb193c83f633f330789c9d7
                    • Opcode Fuzzy Hash: af286cf42393dbf7c928ecc4208f88f20a1b0134fe3c64506c89e0d43901a489
                    • Instruction Fuzzy Hash: CA318D30500109DBCF14EFA5C982ADEB7B4BF19308F61409AE54267192DB38AE15DB5A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 004010F3 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 54COMMON
                    Download Yara Rule
                    C-Code - Quality: 86%
                    			E004010F3(void* __edx, void* __eflags) {
				void* _t42;

				E004291C0(0x44d6cb, _t42);
				_push(0x472498);
				 *((intOrPtr*)(_t42 - 0x10)) = 0x472498;
				E00404B36(0x4724a0, __edx, __eflags);
				 *((intOrPtr*)(_t42 - 4)) = 0;
				 *0x472498 = 0x451220;
				E00404CDC(0x4724a0, "SfxConfig");
				_push("utf-8");
				E00405270(0x4724a0);
				E0040496A(0x472498, 0);
				E00404AFE(0x472498, 0);
				E00404A24(0x472498, 0);
				E00404A76(0x472498, 1);
				E00404A46(0x472498, 1);
				E00404ADC(0x472498, 1);
				E0040497E(0x472498, 0);
				E004049A0(0x472498, 0x80);
				 *[fs:0x0] =  *((intOrPtr*)(_t42 - 0xc));
				return 0x472498;
			}




                    0x00404791
                    0x00404796
                    0x0040479c
                    0x004047a4
                    0x004047b2
                    0x004047b5
                    0x004047bb
                    0x004047c0
                    0x004047c7
                    0x004047cf
                    0x004047d7
                    0x004047df
                    0x004047e8
                    0x004047f1
                    0x004047fa
                    0x00404802
                    0x0040480e
                    0x0040481b
                    0x00404823

                    APIs
                    • __EH_prolog.LIBCMT ref: 00404791
                      • Part of subcall function 00404B36: __EH_prolog.LIBCMT ref: 00404B3B
                      • Part of subcall function 00405270: __EH_prolog.LIBCMT ref: 00405275
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID: $H@$SfxConfig$utf-8
                    • API String ID: 3519838083-3312423833
                    • Opcode ID: 2ffd2de9999dae778a9180ad4a1ce44f95b89d4d2c45d7c842bce7bbb9420d30
                    • Instruction ID: a3665b2aa01b533f33cd5c9cc9bace220141d53c848b70aabb6f76b9328e3ee8
                    • Opcode Fuzzy Hash: 2ffd2de9999dae778a9180ad4a1ce44f95b89d4d2c45d7c842bce7bbb9420d30
                    • Instruction Fuzzy Hash: 760175F074062067DA05BB675852B7EA55A9BC4B08F40403FF606B72C2CFBD1D05469E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0042AD41 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON
                    Download Yara Rule
                    C-Code - Quality: 67%
                    			E0042AD41() {
				signed int _v12;
				signed long long _v20;
				signed long long _v28;
				void* _t10;
				struct HINSTANCE__* _t19;

				_t19 = GetModuleHandleA("KERNEL32");
				if(_t19 == 0) {
					L6:
					_v12 =  *0x4551d0;
					_v20 =  *0x4551c8;
					asm("fsubr qword [ebp-0x10]");
					_v28 = _v20 / _v12 * _v12;
					asm("fcomp qword [0x455180]");
					asm("fnstsw ax");
					asm("sahf");
					if(_t19 <= 0) {
						return 0;
					} else {
						_t10 = 1;
						return _t10;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}








                    0x0042ad4c
                    0x0042ad4e
                    0x0042ad65
                    0x0042ad0f
                    0x0042ad18
                    0x0042ad24
                    0x0042ad27
                    0x0042ad2d
                    0x0042ad33
                    0x0042ad35
                    0x0042ad36
                    0x0042ad40
                    0x0042ad38
                    0x0042ad3a
                    0x0042ad3c
                    0x0042ad3c
                    0x0042ad50
                    0x0042ad56
                    0x0042ad5e
                    0x00000000
                    0x0042ad60
                    0x0042ad60
                    0x0042ad64
                    0x0042ad64
                    0x0042ad5e

                    APIs
                    • GetModuleHandleA.KERNEL32(KERNEL32,00428D70), ref: 0042AD46
                    • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0042AD56
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: AddressHandleModuleProc
                    • String ID: IsProcessorFeaturePresent$KERNEL32
                    • API String ID: 1646373207-3105848591
                    • Opcode ID: 58ce2c6ae69e88ce9c9dae18cbe48215652b1660a1fca357ad9352fbac10ab07
                    • Instruction ID: 15c67d4595e59ed386b3821612a48b54be46a9f6b8ec2075d9950042c79bd097
                    • Opcode Fuzzy Hash: 58ce2c6ae69e88ce9c9dae18cbe48215652b1660a1fca357ad9352fbac10ab07
                    • Instruction Fuzzy Hash: 65C01220794B116BDA201BB23C1DB2639092B08F43F6804A2AE02D1AA6EE98C050852E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0042A93E Relevance: 6.5, APIs: 5, Instructions: 246COMMON
                    Download Yara Rule
                    C-Code - Quality: 69%
                    			E0042A93E(void* _a4, long _a8) {
				char _v8;
				void* __ecx;
				intOrPtr _t28;
				long _t29;
				long _t30;
				long _t31;
				long _t38;
				long _t41;
				long _t44;
				long _t47;
				long _t52;
				long _t55;
				long _t58;
				long _t60;
				long _t65;
				long _t66;
				void* _t68;
				long _t79;
				long _t83;
				void* _t89;

				_push(_t68);
				if(_a4 != 0) {
					_t83 = _a8;
					__eflags = _t83;
					if(_t83 != 0) {
						_t28 =  *0x476764;
						__eflags = _t28 - 3;
						if(_t28 != 3) {
							__eflags = _t28 - 2;
							if(_t28 != 2) {
								do {
									_t29 = 0;
									__eflags = _t83 - 0xffffffe0;
									if(_t83 > 0xffffffe0) {
										L57:
										__eflags =  *0x473b80;
										if( *0x473b80 == 0) {
											goto L60;
										}
										goto L58;
									}
									__eflags = _t83;
									if(_t83 == 0) {
										_t83 = 1;
									}
									_t83 = _t83 + 0x0000000f & 0xfffffff0;
									_t29 = HeapReAlloc( *0x476760, 0, _a4, _t83);
									__eflags = _t29;
									if(_t29 != 0) {
										goto L60;
									} else {
										goto L57;
									}
									L58:
									_t30 = E00430301(_t83);
									__eflags = _t30;
								} while (_t30 != 0);
								goto L59;
							}
							__eflags = _t83 - 0xffffffe0;
							if(_t83 <= 0xffffffe0) {
								__eflags = _t83;
								if(_t83 <= 0) {
									_t83 = 0x10;
								} else {
									_t83 = _t83 + 0x0000000f & 0xfffffff0;
								}
							}
							do {
								_t79 = 0;
								__eflags = _t83 - 0xffffffe0;
								if(_t83 > 0xffffffe0) {
									L50:
									__eflags =  *0x473b80;
									if( *0x473b80 == 0) {
										L28:
										_t29 = _t79;
										goto L60;
									}
									goto L51;
								}
								_t65 = L0042FE90(_a4,  &_v8,  &_a8);
								_t89 = _t89 + 0xc;
								__eflags = _t65;
								if(_t65 == 0) {
									_t79 = HeapReAlloc( *0x476760, 0, _a4, _t83);
									L49:
									__eflags = _t79;
									if(_t79 != 0) {
										goto L28;
									}
									goto L50;
								}
								__eflags = _t83 -  *0x46dca4; // 0x1e0
								if(__eflags >= 0) {
									L44:
									_t79 = HeapAlloc( *0x476760, 0, _t83);
									__eflags = _t79;
									if(_t79 == 0) {
										goto L50;
									}
									_t38 = ( *_t65 & 0x000000ff) << 4;
									__eflags = _t38 - _t83;
									if(_t38 >= _t83) {
										_t38 = _t83;
									}
									E0042E980(_t79, _a4, _t38);
									L0042FEE7(_v8, _a8, _t65);
									_t89 = _t89 + 0x18;
									goto L49;
								}
								_t81 = _t83 >> 4;
								_t41 = E00430258(_t68, _v8, _a8, _t65, _t83 >> 4);
								_t89 = _t89 + 0x10;
								__eflags = _t41;
								if(_t41 == 0) {
									_t79 = L0042FF2C(_t68, _t81);
									__eflags = _t79;
									if(_t79 == 0) {
										goto L44;
									}
									_t44 = ( *_t65 & 0x000000ff) << 4;
									__eflags = _t44 - _t83;
									if(_t44 >= _t83) {
										_t44 = _t83;
									}
									E0042E980(_t79, _a4, _t44);
									L0042FEE7(_v8, _a8, _t65);
									_t89 = _t89 + 0x18;
									L43:
									__eflags = _t79;
									if(_t79 != 0) {
										goto L28;
									}
									goto L44;
								}
								_t79 = _a4;
								goto L43;
								L51:
								_t31 = E00430301(_t83);
								__eflags = _t31;
								_pop(_t68);
							} while (_t31 != 0);
							goto L59;
						} else {
							goto L5;
						}
						do {
							L5:
							_t79 = 0;
							__eflags = _t83 - 0xffffffe0;
							if(_t83 > 0xffffffe0) {
								L25:
								__eflags =  *0x473b80;
								if( *0x473b80 == 0) {
									goto L28;
								}
								goto L26;
							}
							_t66 = E0042F135(_a4);
							__eflags = _t66;
							if(_t66 == 0) {
								L21:
								__eflags = _t83;
								if(_t83 == 0) {
									_t83 = 1;
								}
								_t83 = _t83 + 0x0000000f & 0xfffffff0;
								__eflags = _t83;
								_t79 = HeapReAlloc( *0x476760, 0, _a4, _t83);
								L24:
								__eflags = _t79;
								if(_t79 != 0) {
									goto L28;
								}
								goto L25;
							}
							__eflags = _t83 -  *0x47675c;
							if(_t83 >  *0x47675c) {
								L14:
								__eflags = _t83;
								if(_t83 == 0) {
									_t83 = 1;
								}
								_t83 = _t83 + 0x0000000f & 0xfffffff0;
								_t79 = HeapAlloc( *0x476760, 0, _t83);
								__eflags = _t79;
								if(_t79 != 0) {
									_t73 = _a4;
									_t52 =  *((intOrPtr*)(_a4 - 4)) - 1;
									__eflags = _t52 - _t83;
									if(_t52 >= _t83) {
										_t52 = _t83;
									}
									E0042E980(_t79, _t73, _t52);
									_push(_a4);
									_push(_t66);
									E0042F160();
									_t89 = _t89 + 0x14;
								}
								L20:
								__eflags = _t66;
								if(_t66 != 0) {
									goto L24;
								}
								goto L21;
							}
							_t79 = _a4;
							_push(_t83);
							_push(_t79);
							_push(_t66);
							_t55 = L0042F93E();
							_t89 = _t89 + 0xc;
							__eflags = _t55;
							if(_t55 != 0) {
								L13:
								__eflags = _t79;
								if(_t79 != 0) {
									goto L20;
								}
								goto L14;
							}
							_push(_t83);
							_t79 = E0042F489();
							__eflags = _t79;
							if(_t79 == 0) {
								goto L14;
							}
							_t67 = _a4;
							_t58 =  *((intOrPtr*)(_a4 - 4)) - 1;
							__eflags = _t58 - _t83;
							if(_t58 >= _t83) {
								_t58 = _t83;
							}
							E0042E980(_t79, _t67, _t58);
							_t60 = E0042F135(_t67);
							_push(_a4);
							_t66 = _t60;
							_push(_t66);
							E0042F160();
							_t89 = _t89 + 0x18;
							goto L13;
							L26:
							_t47 = E00430301(_t83);
							__eflags = _t47;
						} while (_t47 != 0);
						goto L59;
					} else {
						E0042B1A5(_t68, _a4);
						L59:
						_t29 = 0;
						__eflags = 0;
						goto L60;
					}
				} else {
					_t29 = E0042AC3F(_a8);
					L60:
					return _t29;
				}
			}























                    0x0042a941
                    0x0042a949
                    0x0042a959
                    0x0042a95c
                    0x0042a95e
                    0x0042a96e
                    0x0042a973
                    0x0042a976
                    0x0042aa7e
                    0x0042aa81
                    0x0042ab99
                    0x0042ab99
                    0x0042ab9b
                    0x0042ab9e
                    0x0042abc3
                    0x0042abc3
                    0x0042abca
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042abca
                    0x0042aba0
                    0x0042aba2
                    0x0042aba6
                    0x0042aba6
                    0x0042abaa
                    0x0042abb9
                    0x0042abbf
                    0x0042abc1
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042abcc
                    0x0042abcd
                    0x0042abd2
                    0x0042abd4
                    0x00000000
                    0x0042ab99
                    0x0042aa87
                    0x0042aa8a
                    0x0042aa8c
                    0x0042aa8e
                    0x0042aa9a
                    0x0042aa90
                    0x0042aa93
                    0x0042aa93
                    0x0042aa8e
                    0x0042aa9b
                    0x0042aa9b
                    0x0042aa9d
                    0x0042aaa0
                    0x0042ab7b
                    0x0042ab7b
                    0x0042ab82
                    0x0042aa77
                    0x0042aa77
                    0x00000000
                    0x0042aa77
                    0x00000000
                    0x0042ab82
                    0x0042aab6
                    0x0042aab8
                    0x0042aabb
                    0x0042aabd
                    0x0042ab71
                    0x0042ab73
                    0x0042ab73
                    0x0042ab75
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042ab75
                    0x0042aac3
                    0x0042aac9
                    0x0042ab23
                    0x0042ab32
                    0x0042ab34
                    0x0042ab36
                    0x00000000
                    0x00000000
                    0x0042ab3b
                    0x0042ab3e
                    0x0042ab40
                    0x0042ab42
                    0x0042ab42
                    0x0042ab49
                    0x0042ab55
                    0x0042ab5a
                    0x00000000
                    0x0042ab5a
                    0x0042aacd
                    0x0042aad8
                    0x0042aadd
                    0x0042aae0
                    0x0042aae2
                    0x0042aaef
                    0x0042aaf2
                    0x0042aaf4
                    0x00000000
                    0x00000000
                    0x0042aaf9
                    0x0042aafc
                    0x0042aafe
                    0x0042ab00
                    0x0042ab00
                    0x0042ab07
                    0x0042ab13
                    0x0042ab18
                    0x0042ab1b
                    0x0042ab1b
                    0x0042ab1d
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042ab1d
                    0x0042aae4
                    0x00000000
                    0x0042ab88
                    0x0042ab89
                    0x0042ab8e
                    0x0042ab90
                    0x0042ab90
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042a97c
                    0x0042a97c
                    0x0042a97c
                    0x0042a97e
                    0x0042a981
                    0x0042aa5a
                    0x0042aa5a
                    0x0042aa61
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042aa61
                    0x0042a98f
                    0x0042a992
                    0x0042a994
                    0x0042aa35
                    0x0042aa35
                    0x0042aa37
                    0x0042aa3b
                    0x0042aa3b
                    0x0042aa3f
                    0x0042aa3f
                    0x0042aa54
                    0x0042aa56
                    0x0042aa56
                    0x0042aa58
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042aa58
                    0x0042a99a
                    0x0042a9a0
                    0x0042a9ee
                    0x0042a9ee
                    0x0042a9f0
                    0x0042a9f4
                    0x0042a9f4
                    0x0042a9f8
                    0x0042aa0a
                    0x0042aa0c
                    0x0042aa0e
                    0x0042aa10
                    0x0042aa16
                    0x0042aa17
                    0x0042aa19
                    0x0042aa1b
                    0x0042aa1b
                    0x0042aa20
                    0x0042aa25
                    0x0042aa28
                    0x0042aa29
                    0x0042aa2e
                    0x0042aa2e
                    0x0042aa31
                    0x0042aa31
                    0x0042aa33
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042aa33
                    0x0042a9a2
                    0x0042a9a5
                    0x0042a9a6
                    0x0042a9a7
                    0x0042a9a8
                    0x0042a9ad
                    0x0042a9b0
                    0x0042a9b2
                    0x0042a9ea
                    0x0042a9ea
                    0x0042a9ec
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042a9ec
                    0x0042a9b4
                    0x0042a9ba
                    0x0042a9bd
                    0x0042a9bf
                    0x00000000
                    0x00000000
                    0x0042a9c1
                    0x0042a9c7
                    0x0042a9c8
                    0x0042a9ca
                    0x0042a9cc
                    0x0042a9cc
                    0x0042a9d1
                    0x0042a9d7
                    0x0042a9dc
                    0x0042a9df
                    0x0042a9e1
                    0x0042a9e2
                    0x0042a9e7
                    0x00000000
                    0x0042aa63
                    0x0042aa64
                    0x0042aa69
                    0x0042aa6b
                    0x00000000
                    0x0042a960
                    0x0042a963
                    0x0042abd7
                    0x0042abd7
                    0x0042abd7
                    0x00000000
                    0x0042abd7
                    0x0042a94b
                    0x0042a94e
                    0x0042abd9
                    0x0042abdd
                    0x0042abdd

                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2c013aef686dd3b119686b007016823ca4eddc4bb4abe42c8e750d9a3fe2fc2c
                    • Instruction ID: 7b40b691aae9d384a159e440ea88707752c755fcf9ee1b34fed4f308da96bae3
                    • Opcode Fuzzy Hash: 2c013aef686dd3b119686b007016823ca4eddc4bb4abe42c8e750d9a3fe2fc2c
                    • Instruction Fuzzy Hash: A4712832700534BBDB226A25BD44BAB3A26DF407A4F920137FD159A3A1D738DD60D68E
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0042E786 Relevance: 6.2, APIs: 4, Instructions: 174fileCOMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E0042E786(signed int _a4, void* _a8, long _a12) {
				void _v5;
				signed int _v12;
				long _v16;
				long _t74;
				signed int _t77;
				intOrPtr _t83;
				signed char _t84;
				signed char _t86;
				long _t87;
				void _t89;
				signed char _t91;
				char _t99;
				long _t102;
				void _t103;
				intOrPtr* _t105;
				void* _t106;
				signed char* _t107;
				long _t109;
				signed int _t112;
				signed char _t114;
				long _t115;
				void* _t116;
				signed int _t118;
				signed int _t120;
				signed char* _t121;
				void* _t122;

				_t118 = _a4;
				if(_t118 >=  *0x476880) {
					L44:
					 *0x4738cc =  *0x4738cc & 0x00000000;
					 *0x4738c8 = 9;
					L45:
					return _t74 | 0xffffffff;
				}
				_t77 = _t118 >> 5;
				_t120 = (_t118 & 0x0000001f) << 3;
				_t105 = 0x476780 + _t77 * 4;
				_t74 =  *((intOrPtr*)(0x476780 + _t77 * 4)) + _t120;
				_t114 =  *((intOrPtr*)(_t74 + 4));
				if((_t114 & 0x00000001) == 0) {
					goto L44;
				}
				_v12 = _v12 & 0x00000000;
				_t116 = _a8;
				_t106 = _t116;
				if(_a12 == 0 || (_t114 & 0x00000002) != 0) {
					L11:
					return 0;
				} else {
					if((_t114 & 0x00000048) != 0) {
						_t103 =  *((intOrPtr*)(_t74 + 5));
						if(_t103 != 0xa) {
							_a12 = _a12 - 1;
							 *_t116 = _t103;
							_t106 = _t116 + 1;
							_v12 = 1;
							 *((char*)( *_t105 + _t120 + 5)) = 0xa;
						}
					}
					if(ReadFile( *( *_t105 + _t120), _t106, _a12,  &_v16, 0) != 0) {
						_t83 =  *_t105;
						_t115 = _v16;
						_v12 = _v12 + _t115;
						_t31 = _t120 + 4; // 0x4
						_t107 = _t83 + _t31;
						_t84 =  *((intOrPtr*)(_t83 + _t120 + 4));
						if((_t84 & 0x00000080) == 0) {
							L43:
							return _v12;
						}
						if(_t115 == 0 ||  *_t116 != 0xa) {
							_t86 = _t84 & 0x000000fb;
						} else {
							_t86 = _t84 | 0x00000004;
						}
						 *_t107 = _t86;
						_t87 = _a8;
						_a12 = _t87;
						_t109 = _v12 + _t87;
						_v12 = _t109;
						if(_t87 >= _t109) {
							L42:
							_v12 = _t116 - _a8;
							goto L43;
						} else {
							while(1) {
								_t89 =  *_a12;
								if(_t89 == 0x1a) {
									break;
								}
								if(_t89 == 0xd) {
									if(_a12 >= _t109 - 1) {
										_a12 = _a12 + 1;
										if(ReadFile( *( *_t105 + _t120),  &_v5, 1,  &_v16, 0) != 0 || GetLastError() == 0) {
											if(_v16 == 0) {
												goto L36;
											}
											if(( *( *_t105 + _t120 + 4) & 0x00000048) == 0) {
												if(_t116 != _a8 || _v5 != 0xa) {
													E0042E63B(_a4, 0xffffffff, 1);
													_t122 = _t122 + 0xc;
													if(_v5 == 0xa) {
														goto L38;
													}
													goto L36;
												} else {
													L34:
													 *_t116 = 0xa;
													goto L37;
												}
											}
											_t99 = _v5;
											if(_t99 == 0xa) {
												goto L34;
											}
											 *_t116 = 0xd;
											_t116 = _t116 + 1;
											 *((char*)( *_t105 + _t120 + 5)) = _t99;
											goto L38;
										} else {
											L36:
											 *_t116 = 0xd;
											L37:
											_t116 = _t116 + 1;
											L38:
											_t109 = _v12;
											if(_a12 < _t109) {
												continue;
											}
											goto L42;
										}
									}
									_t102 = _a12 + 1;
									if( *_t102 != 0xa) {
										 *_t116 = 0xd;
										_t116 = _t116 + 1;
										_a12 = _t102;
										goto L38;
									}
									_a12 = _a12 + 2;
									goto L34;
								}
								 *_t116 = _t89;
								_t116 = _t116 + 1;
								_a12 = _a12 + 1;
								goto L38;
							}
							_t121 =  *_t105 + _t120 + 4;
							_t91 =  *_t121;
							if((_t91 & 0x00000040) == 0) {
								 *_t121 = _t91 | 0x00000002;
							}
							goto L42;
						}
					}
					_t74 = GetLastError();
					_t112 = 5;
					if(_t74 != _t112) {
						if(_t74 != 0x6d) {
							_t74 = E00430BC5(_t74);
							goto L45;
						}
						goto L11;
					}
					 *0x4738c8 = 9;
					 *0x4738cc = _t112;
					goto L45;
				}
			}





























                    0x0042e78e
                    0x0042e798
                    0x0042e963
                    0x0042e963
                    0x0042e96a
                    0x0042e974
                    0x00000000
                    0x0042e974
                    0x0042e7a3
                    0x0042e7a6
                    0x0042e7a9
                    0x0042e7b7
                    0x0042e7b9
                    0x0042e7bf
                    0x00000000
                    0x00000000
                    0x0042e7c5
                    0x0042e7c9
                    0x0042e7d0
                    0x0042e7d2
                    0x0042e83b
                    0x00000000
                    0x0042e7d9
                    0x0042e7dc
                    0x0042e7de
                    0x0042e7e3
                    0x0042e7e5
                    0x0042e7e8
                    0x0042e7ec
                    0x0042e7ef
                    0x0042e7f6
                    0x0042e7f6
                    0x0042e7e3
                    0x0042e812
                    0x0042e84e
                    0x0042e850
                    0x0042e853
                    0x0042e856
                    0x0042e856
                    0x0042e85a
                    0x0042e860
                    0x0042e95e
                    0x00000000
                    0x0042e95e
                    0x0042e868
                    0x0042e873
                    0x0042e86f
                    0x0042e86f
                    0x0042e86f
                    0x0042e875
                    0x0042e877
                    0x0042e87d
                    0x0042e880
                    0x0042e884
                    0x0042e887
                    0x0042e958
                    0x0042e95b
                    0x00000000
                    0x0042e88d
                    0x0042e88d
                    0x0042e890
                    0x0042e894
                    0x00000000
                    0x00000000
                    0x0042e89c
                    0x0042e8ad
                    0x0042e8cd
                    0x0042e8e3
                    0x0042e8f3
                    0x00000000
                    0x00000000
                    0x0042e8fc
                    0x0042e914
                    0x0042e928
                    0x0042e92d
                    0x0042e934
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042e91c
                    0x0042e91c
                    0x0042e91c
                    0x00000000
                    0x0042e91c
                    0x0042e914
                    0x0042e8fe
                    0x0042e903
                    0x00000000
                    0x00000000
                    0x0042e905
                    0x0042e90a
                    0x0042e90b
                    0x00000000
                    0x0042e936
                    0x0042e936
                    0x0042e936
                    0x0042e939
                    0x0042e939
                    0x0042e93a
                    0x0042e93a
                    0x0042e940
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042e946
                    0x0042e8e3
                    0x0042e8b2
                    0x0042e8b6
                    0x0042e8be
                    0x0042e8c1
                    0x0042e8c2
                    0x00000000
                    0x0042e8c2
                    0x0042e8b8
                    0x00000000
                    0x0042e8b8
                    0x0042e89e
                    0x0042e8a0
                    0x0042e8a1
                    0x00000000
                    0x0042e8a1
                    0x0042e94a
                    0x0042e94e
                    0x0042e952
                    0x0042e956
                    0x0042e956
                    0x00000000
                    0x0042e952
                    0x0042e887
                    0x0042e814
                    0x0042e81c
                    0x0042e81f
                    0x0042e839
                    0x0042e843
                    0x00000000
                    0x0042e848
                    0x00000000
                    0x0042e839
                    0x0042e821
                    0x0042e82b
                    0x00000000
                    0x0042e82b

                    APIs
                    • ReadFile.KERNEL32(?,?,00000000,?,00000000,00000000,?), ref: 0042E80A
                    • GetLastError.KERNEL32 ref: 0042E814
                    • ReadFile.KERNEL32(?,?,00000001,?,00000000), ref: 0042E8DB
                    • GetLastError.KERNEL32 ref: 0042E8E5
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: ErrorFileLastRead
                    • String ID:
                    • API String ID: 1948546556-0
                    • Opcode ID: 54ccc50cda03ec774afdc04a0e14654dc6c88fa373e6cef9d357f58c8e0b748f
                    • Instruction ID: 8ea0684e8f638b27c2991e2f08c79379960cfdf4f98f010ab7ee5a3cf2968712
                    • Opcode Fuzzy Hash: 54ccc50cda03ec774afdc04a0e14654dc6c88fa373e6cef9d357f58c8e0b748f
                    • Instruction Fuzzy Hash: F3610970B042A6DFDF25CF5AE8447AA7BF0AF02304F94409BE49597352D379D986CB0A
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0042ECB5 Relevance: 6.1, APIs: 4, Instructions: 139fileCOMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E0042ECB5(long _a4, void* _a8, long _a12) {
				intOrPtr* _v8;
				long _v12;
				long _v16;
				struct _OVERLAPPED* _v20;
				void _v1048;
				signed char _t58;
				void** _t64;
				intOrPtr _t67;
				char* _t72;
				long _t79;
				signed char* _t83;
				signed int _t84;
				char _t90;
				struct _OVERLAPPED* _t94;
				long _t96;
				signed int _t99;

				_t84 = _a4;
				if(_t84 >=  *0x476880) {
					L30:
					 *0x4738cc =  *0x4738cc & 0x00000000;
					 *0x4738c8 = 9;
					L31:
					return _t58 | 0xffffffff;
				}
				_t83 = 0x476780 + (_t84 >> 5) * 4;
				_t99 = (_t84 & 0x0000001f) << 3;
				_t5 = _t99 + 4; // 0x10ffce8b
				_t58 =  *((intOrPtr*)( *_t83 + _t5));
				if((_t58 & 0x00000001) == 0) {
					goto L30;
				}
				_t94 = 0;
				_v12 = 0;
				_v20 = 0;
				if(_a12 != 0) {
					if((_t58 & 0x00000020) != 0) {
						E0042E63B(_t84, 0, 2);
					}
					_t64 =  *_t83 + _t99;
					if((_t64[1] & 0x00000080) == 0) {
						if(WriteFile( *_t64, _a8, _a12,  &_v16, _t94) == 0) {
							_a4 = GetLastError();
						} else {
							_a4 = _t94;
							_v12 = _v16;
						}
						L17:
						_t67 = _v12;
						if(_t67 != _t94) {
							return _t67 - _v20;
						}
						if(_a4 == _t94) {
							L26:
							_t58 =  *_t83;
							if(( *(_t58 + _t99 + 4) & 0x00000040) == 0) {
								L28:
								 *0x4738c8 = 0x1c;
								 *0x4738cc = _t94;
								goto L31;
							}
							_t58 = _a8;
							if( *_t58 == 0x1a) {
								goto L3;
							}
							goto L28;
						}
						_t58 = 5;
						if(_a4 != _t58) {
							_t58 = E00430BC5(_a4);
						} else {
							 *0x4738c8 = 9;
							 *0x4738cc = _t58;
						}
						goto L31;
					}
					_v8 = _a8;
					_a4 = _t94;
					if(_a12 <= _t94) {
						goto L26;
					} else {
						goto L8;
					}
					do {
						L8:
						_t72 =  &_v1048;
						while(_v8 - _a8 < _a12) {
							_v8 = _v8 + 1;
							_t90 =  *_v8;
							if(_t90 == 0xa) {
								_v20 = _v20 + 1;
								 *_t72 = 0xd;
								_t72 = _t72 + 1;
							}
							 *_t72 = _t90;
							_t72 = _t72 + 1;
							if(_t72 -  &_v1048 < 0x400) {
								continue;
							} else {
								break;
							}
						}
						_t96 = _t72 -  &_v1048;
						if(WriteFile( *( *_t83 + _t99),  &_v1048, _t96,  &_v16, 0) == 0) {
							_a4 = GetLastError();
							break;
						}
						_t79 = _v16;
						_v12 = _v12 + _t79;
					} while (_t79 >= _t96 && _v8 - _a8 < _a12);
					_t94 = 0;
					goto L17;
				}
				L3:
				return 0;
			}



















                    0x0042ecbe
                    0x0042ecca
                    0x0042ee49
                    0x0042ee49
                    0x0042ee50
                    0x0042ee5a
                    0x00000000
                    0x0042ee5a
                    0x0042ecda
                    0x0042ece1
                    0x0042ece6
                    0x0042ece6
                    0x0042ecec
                    0x00000000
                    0x00000000
                    0x0042ecf2
                    0x0042ecf7
                    0x0042ecfa
                    0x0042ecfd
                    0x0042ed08
                    0x0042ed0e
                    0x0042ed13
                    0x0042ed18
                    0x0042ed1e
                    0x0042edfa
                    0x0042ee0d
                    0x0042edfc
                    0x0042edff
                    0x0042ee02
                    0x0042ee02
                    0x0042edae
                    0x0042edae
                    0x0042edb3
                    0x00000000
                    0x0042ee44
                    0x0042edbc
                    0x0042ee1d
                    0x0042ee1d
                    0x0042ee24
                    0x0042ee32
                    0x0042ee32
                    0x0042ee3c
                    0x00000000
                    0x0042ee3c
                    0x0042ee26
                    0x0042ee2c
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042ee2c
                    0x0042edc0
                    0x0042edc4
                    0x0042ee15
                    0x0042edc6
                    0x0042edc6
                    0x0042edd0
                    0x0042edd0
                    0x00000000
                    0x0042edc4
                    0x0042ed2a
                    0x0042ed2d
                    0x0042ed30
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042ed36
                    0x0042ed36
                    0x0042ed36
                    0x0042ed3c
                    0x0042ed4a
                    0x0042ed4d
                    0x0042ed52
                    0x0042ed54
                    0x0042ed57
                    0x0042ed5a
                    0x0042ed5a
                    0x0042ed5b
                    0x0042ed5d
                    0x0042ed6e
                    0x00000000
                    0x00000000
                    0x00000000
                    0x00000000
                    0x0042ed6e
                    0x0042ed78
                    0x0042ed95
                    0x0042ede0
                    0x00000000
                    0x0042ede0
                    0x0042ed97
                    0x0042ed9a
                    0x0042ed9d
                    0x0042edac
                    0x00000000
                    0x0042edac
                    0x0042ecff
                    0x00000000

                    APIs
                    • WriteFile.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0042ED8D
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: FileWrite
                    • String ID:
                    • API String ID: 3934441357-0
                    • Opcode ID: 0e10ebae9373edc12889871941bd583704e4006d5a799ffe383a1f142a46fe77
                    • Instruction ID: 2bddffbc57fb681cfa2e4c4c6bf7824a3d9be657813e93f1e15519ba76e66f43
                    • Opcode Fuzzy Hash: 0e10ebae9373edc12889871941bd583704e4006d5a799ffe383a1f142a46fe77
                    • Instruction Fuzzy Hash: 0C51F731A00229EFCB11CF6AE884B9E7BF0FF45340FA185AAE4159B251D334CA85DF19
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00434DC7 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 143COMMON
                    Download Yara Rule
                    C-Code - Quality: 62%
                    			E00434DC7(void* __ecx, void* __edx) {
				void* __edi;
				signed int _t69;
				signed int _t70;
				char _t73;
				intOrPtr _t75;
				signed int _t76;
				void* _t77;
				void* _t129;
				void* _t130;
				intOrPtr* _t133;
				void* _t135;
				void* _t137;

				_t129 = __edx;
				E004291C0(E004500A7, _t137);
				_t135 = __ecx;
				_push(_t130);
				if( *((intOrPtr*)(__ecx + 0xb4)) != 0) {
					E00439434(_t137 - 0x68, __eflags, 0);
					 *(_t137 - 4) = 0;
					E00443090(_t137 - 0x68, _t130, __ecx);
					_t69 =  *(_t135 + 0x10c);
					__eflags = _t69;
					if(_t69 != 0) {
						E0043942A(_t137 - 0x68, _t69);
					}
					__eflags =  *(_t135 + 0x41);
					if(__eflags == 0) {
						_t70 = L00433A67(_t135);
						__eflags = _t70;
						if(_t70 == 0) {
							L13:
							_push( *((intOrPtr*)(_t137 + 0x14)));
							_t131 = _t135 + 0xc0;
							_push( *((intOrPtr*)(_t135 + 0xf0)));
							_push( *((intOrPtr*)(_t137 + 0xc)));
							_push( *((intOrPtr*)(_t137 + 0x10)));
							_push( *((intOrPtr*)(_t137 + 8)));
							_push(1);
							_push( *(_t135 + 0xb4));
							_push(E0040CE40(_t135 + 0xc0));
							_push(E00446F00(_t135 + 0xc0));
							_t73 = L00439625(_t137 - 0x68, _t129, _t131);
						} else {
							_t76 = E0040CE40(_t135 + 0xc0);
							__eflags = _t76;
							if(_t76 != 0) {
								goto L13;
							} else {
								__eflags =  *(_t135 + 0xb4);
								if( *(_t135 + 0xb4) == 0) {
									goto L13;
								} else {
									_t77 = L00433A56(_t135);
									_push( *((intOrPtr*)(_t137 + 0x14)));
									_push( *((intOrPtr*)(_t135 + 0xf0)));
									_push( *((intOrPtr*)(_t137 + 0xc)));
									_push( *((intOrPtr*)(_t137 + 0x10)));
									_push(_t137 - 0x20);
									_push(0);
									_push( *((intOrPtr*)(_t137 + 8)));
									_push(1);
									_push( *(_t135 + 0xb4));
									_push(_t77);
									_t73 = L004397D1(_t137 - 0x68, _t129, _t130, __eflags);
								}
							}
						}
						 *((char*)(_t137 + 0x17)) = _t73;
						goto L15;
					} else {
						E00408BB0(_t137 - 0xf0, __eflags);
						 *(_t137 - 4) = 1;
						E00408E00(_t137 - 0xf0, E00446F00(_t135 + 0x80));
						L0041F650(_t137 - 0x18);
						_t133 =  *((intOrPtr*)(_t137 + 0x14));
						 *(_t137 - 4) = 2;
						__eflags = E0040C900(_t137 - 0x18, _t137 - 0xf0, _t137 - 0x1c, _t133);
						if(__eflags != 0) {
							_push(_t133);
							_push( *((intOrPtr*)(_t135 + 0xf0)));
							_push( *((intOrPtr*)(_t137 + 0xc)));
							_push( *((intOrPtr*)(_t137 + 0x10)));
							_push( *((intOrPtr*)(_t137 + 8)));
							_push(1);
							_push( *(_t135 + 0xb4));
							_push(_t137 - 0x18);
							 *((char*)(_t137 + 0x17)) = E00439473(_t137 - 0x68, _t129, _t133, __eflags);
							E0041F6C0(_t137 - 0x18);
							 *(_t137 - 4) = 1;
							L0041F700(_t137 - 0x18);
							 *(_t137 - 4) = 0;
							E00408C80(_t137 - 0xf0);
							L15:
							_t60 = _t137 - 4;
							 *_t60 =  *(_t137 - 4) | 0xffffffff;
							__eflags =  *_t60;
							E00439468(_t137 - 0x68);
							_t75 =  *((intOrPtr*)(_t137 + 0x17));
						} else {
							 *((intOrPtr*)( *_t133 + 0x10))("Failed to open file for reading (5)");
							 *(_t137 - 4) = 1;
							L0041F700(_t137 - 0x18);
							 *(_t137 - 4) = 0;
							E00408C80(_t137 - 0xf0);
							_t25 = _t137 - 4;
							 *_t25 =  *(_t137 - 4) | 0xffffffff;
							__eflags =  *_t25;
							E00439468(_t137 - 0x68);
							goto L7;
						}
					}
				} else {
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t137 + 0x14)))) + 0x10))("No dest output for compress64");
					L7:
					_t75 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t137 - 0xc));
				return _t75;
			}















                    0x00434dc7
                    0x00434dcc
                    0x00434dd9
                    0x00434ddd
                    0x00434de4
                    0x00434dfc
                    0x00434e05
                    0x00434e08
                    0x00434e0d
                    0x00434e13
                    0x00434e15
                    0x00434e1b
                    0x00434e1b
                    0x00434e20
                    0x00434e23
                    0x00434f03
                    0x00434f08
                    0x00434f0a
                    0x00434f54
                    0x00434f54
                    0x00434f57
                    0x00434f5f
                    0x00434f65
                    0x00434f68
                    0x00434f6b
                    0x00434f6e
                    0x00434f70
                    0x00434f7b
                    0x00434f83
                    0x00434f87
                    0x00434f0c
                    0x00434f12
                    0x00434f17
                    0x00434f19
                    0x00000000
                    0x00434f1b
                    0x00434f1b
                    0x00434f21
                    0x00000000
                    0x00434f23
                    0x00434f25
                    0x00434f2a
                    0x00434f30
                    0x00434f36
                    0x00434f39
                    0x00434f3c
                    0x00434f3d
                    0x00434f3e
                    0x00434f44
                    0x00434f46
                    0x00434f4c
                    0x00434f4d
                    0x00434f4d
                    0x00434f21
                    0x00434f19
                    0x00434f8c
                    0x00000000
                    0x00434e29
                    0x00434e2f
                    0x00434e3a
                    0x00434e4a
                    0x00434e52
                    0x00434e57
                    0x00434e65
                    0x00434e76
                    0x00434e78
                    0x00434eb3
                    0x00434eb7
                    0x00434ec0
                    0x00434ec3
                    0x00434ec6
                    0x00434ec9
                    0x00434ecb
                    0x00434ed1
                    0x00434eda
                    0x00434edd
                    0x00434ee5
                    0x00434ee9
                    0x00434ef4
                    0x00434ef7
                    0x00434f8f
                    0x00434f8f
                    0x00434f8f
                    0x00434f8f
                    0x00434f96
                    0x00434f9b
                    0x00434e7a
                    0x00434e83
                    0x00434e89
                    0x00434e8d
                    0x00434e98
                    0x00434e9b
                    0x00434ea0
                    0x00434ea0
                    0x00434ea0
                    0x00434ea7
                    0x00000000
                    0x00434ea7
                    0x00434e78
                    0x00434de6
                    0x00434df0
                    0x00434eac
                    0x00434eac
                    0x00434eac
                    0x00434fa4
                    0x00434fac

                    APIs
                    • __EH_prolog.LIBCMT ref: 00434DCC
                      • Part of subcall function 00439473: __EH_prolog.LIBCMT ref: 00439478
                      • Part of subcall function 0041F6C0: FindCloseChangeNotification.KERNELBASE(?,?,0041F698,00000000,0040C92C,00000000,?,?,00000000), ref: 0041F6CC
                    Strings
                    • Failed to open file for reading (5), xrefs: 00434E7C
                    • No dest output for compress64, xrefs: 00434DE9
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog$ChangeCloseFindNotification
                    • String ID: Failed to open file for reading (5)$No dest output for compress64
                    • API String ID: 2028148922-904331844
                    • Opcode ID: eb641c3d41ae7eaacae8e780a8291751b8c7f499d551ca4d5578fc1fd2b3ad21
                    • Instruction ID: 91a1db2a89698430225c430af9f0251502b954120219876144dde9b7c7ea141b
                    • Opcode Fuzzy Hash: eb641c3d41ae7eaacae8e780a8291751b8c7f499d551ca4d5578fc1fd2b3ad21
                    • Instruction Fuzzy Hash: E651D43150024AEFCF15EFA0C841BEE7B75BF18304F00006EF55667192EB396A49DB69
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00404D2B Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 100COMMON
                    Download Yara Rule
                    C-Code - Quality: 95%
                    			E00404D2B(void* __ecx) {
				void* __edi;
				void* __esi;
				void* _t41;
				void* _t63;
				signed int _t64;
				signed int _t66;
				void* _t76;
				void* _t90;
				intOrPtr _t93;
				intOrPtr* _t94;
				void* _t96;

				_t41 = E004291C0(0x44d75c, _t96);
				_t93 =  *((intOrPtr*)(_t96 + 8));
				_t90 = __ecx;
				if(_t93 == 0) {
					L6:
					 *((intOrPtr*)(_t96 - 0x14)) = _t90 + 0x80;
					E00424E00(_t41);
					_t94 = _t90 + 0x10;
					 *((intOrPtr*)( *((intOrPtr*)(_t90 + 0x10)) + 0x1c))();
					_t66 = 1;
					 *((intOrPtr*)( *_t94 + 0x20))("LoadXml", _t66);
					E00406110(_t96 - 0x64, __eflags);
					 *(_t96 - 4) = _t66;
					L00405CB0( *((intOrPtr*)(_t96 + 8)));
					_push( *((intOrPtr*)(_t96 + 0xc)));
					 *(_t96 - 0x10) =  *(_t96 - 0x10) & 0x00000000;
					L004119F0(_t90, _t94, _t96, __eflags, _t96 - 0x64, _t94, 0, _t96 - 0x10);
					__eflags =  *(_t96 - 0x10);
					if( *(_t96 - 0x10) == 0) {
						_t66 = 0;
						__eflags = 0;
					} else {
						E00404BC2(_t90);
						 *(_t90 + 0xa0) =  *(_t96 - 0x10);
						E00410250( *(_t96 - 0x10));
					}
					E00424E00( *((intOrPtr*)( *_t94 + 0x24))());
					_t36 = _t96 - 4;
					 *_t36 =  *(_t96 - 4) | 0xffffffff;
					__eflags =  *_t36;
					_t76 = _t96 - 0x64;
				} else {
					_t41 = L004296D0(_t93, 0x3c);
					_t103 = _t41;
					if(_t41 != 0) {
						goto L6;
					} else {
						_push(_t93);
						E00406010(_t96 - 0x3c, _t103);
						 *(_t96 - 4) =  *(_t96 - 4) & 0x00000000;
						E00405460(_t96 - 0x3c);
						if(E0040CE50(_t96 - 0x3c) >= 0x64) {
							L5:
							_t13 = _t96 - 4;
							 *_t13 =  *(_t96 - 4) | 0xffffffff;
							__eflags =  *_t13;
							_t41 = E00406400(_t96 - 0x3c);
							goto L6;
						} else {
							E004068E0(_t96 - 0x3c);
							_t63 = L00405DC0(_t96 - 0x3c, ".xml");
							_t105 = _t63;
							if(_t63 == 0) {
								goto L5;
							} else {
								_t64 = E00404EE2(_t90, _t105, _t93,  *((intOrPtr*)(_t96 + 0xc)));
								 *(_t96 - 4) =  *(_t96 - 4) | 0xffffffff;
								_t66 = _t64;
								_t76 = _t96 - 0x3c;
							}
						}
					}
				}
				E00406400(_t76);
				 *[fs:0x0] =  *((intOrPtr*)(_t96 - 0xc));
				return _t66;
			}














                    0x00404d30
                    0x00404d3a
                    0x00404d40
                    0x00404d42
                    0x00404db2
                    0x00404db8
                    0x00404dbb
                    0x00404dc3
                    0x00404dc8
                    0x00404dcf
                    0x00404dd8
                    0x00404dde
                    0x00404de9
                    0x00404dec
                    0x00404df1
                    0x00404df4
                    0x00404e03
                    0x00404e0b
                    0x00404e0f
                    0x00404e28
                    0x00404e28
                    0x00404e11
                    0x00404e13
                    0x00404e1b
                    0x00404e21
                    0x00404e21
                    0x00404e34
                    0x00404e39
                    0x00404e39
                    0x00404e39
                    0x00404e3d
                    0x00404d44
                    0x00404d47
                    0x00404d4d
                    0x00404d50
                    0x00000000
                    0x00404d52
                    0x00404d52
                    0x00404d56
                    0x00404d5b
                    0x00404d62
                    0x00404d72
                    0x00404da6
                    0x00404da6
                    0x00404da6
                    0x00404da6
                    0x00404dad
                    0x00000000
                    0x00404d74
                    0x00404d77
                    0x00404d84
                    0x00404d89
                    0x00404d8b
                    0x00000000
                    0x00404d8d
                    0x00404d93
                    0x00404d98
                    0x00404d9c
                    0x00404d9e
                    0x00404d9e
                    0x00404d8b
                    0x00404d72
                    0x00404d50
                    0x00404e40
                    0x00404e4d
                    0x00404e55

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID: .xml$LoadXml
                    • API String ID: 3519838083-2980132697
                    • Opcode ID: 41fd2fe9c72a1267687b434972967da094fbff1f9d3cc5023639bfd25b432faa
                    • Instruction ID: cc7e9e0b04b064bdaa1892d34044a0e1fce012746b993a4c0381f3ad2c6a388b
                    • Opcode Fuzzy Hash: 41fd2fe9c72a1267687b434972967da094fbff1f9d3cc5023639bfd25b432faa
                    • Instruction Fuzzy Hash: CD31A071A00215ABCB18EF61D846AEEB774FF50314F50452EF522772D2CF389A05CB98
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 00404B36 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON
                    Download Yara Rule
                    C-Code - Quality: 100%
                    			E00404B36(intOrPtr __ecx, void* __edx, void* __eflags) {
				intOrPtr _t20;
				intOrPtr* _t29;
				intOrPtr _t32;
				void* _t34;

				E004291C0(0x44d706, _t34);
				_t32 = __ecx;
				 *((intOrPtr*)(_t34 - 0x10)) = __ecx;
				E0040532C(__ecx, __eflags);
				 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
				_t29 = __ecx + 0x80;
				E0040F250(_t29);
				 *(__ecx + 0x9c) =  *(__ecx + 0x9c) & 0x00000000;
				 *(__ecx + 0xa0) =  *(__ecx + 0xa0) & 0x00000000;
				 *((intOrPtr*)(__ecx)) = 0x451230;
				 *_t29 = 0x451228;
				 *(_t34 - 4) = 1;
				L00429664(__edx, _t34 - 0x44, "%d",  *0x45ce7c & 0x000000ff);
				_t20 = L0040F8F0(_t29, "unnamed");
				 *((intOrPtr*)(_t32 + 0xa0)) = _t20;
				if(_t20 != 0) {
					E00410250(_t20);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t34 - 0xc));
				return _t32;
			}







                    0x00404b3b
                    0x00404b44
                    0x00404b47
                    0x00404b4a
                    0x00404b4f
                    0x00404b53
                    0x00404b5b
                    0x00404b60
                    0x00404b67
                    0x00404b6e
                    0x00404b74
                    0x00404b8b
                    0x00404b8f
                    0x00404b99
                    0x00404ba1
                    0x00404ba9
                    0x00404bad
                    0x00404bad
                    0x00404bb9
                    0x00404bc1

                    APIs
                    • __EH_prolog.LIBCMT ref: 00404B3B
                      • Part of subcall function 0040532C: __EH_prolog.LIBCMT ref: 00405331
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: H_prolog
                    • String ID: !S@$unnamed
                    • API String ID: 3519838083-3866368295
                    • Opcode ID: fa086242f108bd48a5d66ab857a6b29b4f1362b7329939f23840c725c0a147a6
                    • Instruction ID: 602359bac32a0f00fd186eedbf3754bc693ffefbc50b9e8f303b552a1f11affd
                    • Opcode Fuzzy Hash: fa086242f108bd48a5d66ab857a6b29b4f1362b7329939f23840c725c0a147a6
                    • Instruction Fuzzy Hash: 72012B72A007105ED711ABB5940239EB7E4AF51306F00446FE451F2283DBFC9908C799
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 0043265A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                    Download Yara Rule
                    C-Code - Quality: 37%
                    			E0043265A() {
				int _t12;
				int _t13;
				void* _t20;

				 *(_t20 - 4) =  *(_t20 - 4) | 0xffffffff;
				if(0 == 0) {
					L4:
					_t12 = 0;
				} else {
					_t13 = MultiByteToWideChar( *(_t20 + 0x18), 1,  *(_t20 + 0xc),  *(_t20 + 0x10), 0,  *(_t20 - 0x20));
					if(_t13 == 0) {
						goto L4;
					} else {
						_t12 = GetStringTypeW( *(_t20 + 8), 0, _t13,  *(_t20 + 0x14));
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t20 - 0x10));
				return _t12;
			}






                    0x00432661
                    0x00432667
                    0x00432692
                    0x00432692
                    0x00432669
                    0x00432678
                    0x00432680
                    0x00000000
                    0x00432682
                    0x0043268a
                    0x0043268a
                    0x00432680
                    0x0043269a
                    0x004326a5

                    APIs
                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000001), ref: 00432678
                    • GetStringTypeW.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000001), ref: 0043268A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.589107356.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.589100912.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589382829.0000000000451000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589424472.000000000045C000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589437170.000000000045D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589446314.000000000045E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589501861.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589515562.000000000046D000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589528804.000000000046E000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589554346.0000000000472000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589576789.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589584373.0000000000477000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589615645.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589638490.0000000000488000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589649208.000000000048C000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589690123.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589704578.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589765229.00000000004BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589779593.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.589890072.00000000004FF000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_AvigilonControlCenterPlayerStandAlone-6.jbxd
                    Similarity
                    • API ID: ByteCharMultiStringTypeWide
                    • String ID: pYqt
                    • API String ID: 3139900361-1213896493
                    • Opcode ID: 9f4a22e03666b8ff87c31629df7603e686b87bb18a17f35dd3d19f95a7897703
                    • Instruction ID: d932180c9b7db2638b184356b93a96fc46850813761e5db222899421d988dd91
                    • Opcode Fuzzy Hash: 9f4a22e03666b8ff87c31629df7603e686b87bb18a17f35dd3d19f95a7897703
                    • Instruction Fuzzy Hash: AEF0FE32900265EFCF218F80DD46ADEBF72FF08761F108125FA26615A0C7758D60DB94
                    Uniqueness

                    Uniqueness Score: -1.00%