Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
FT - 08082022.exe

Overview

General Information

Sample Name:FT - 08082022.exe
Analysis ID:680396
MD5:70b100ea1e1466a56a78d3a31dae1e2a
SHA1:aa775a962d1a1714f06e15f03e244435b52eedfc
SHA256:58f41297482040338766f554cca18e61888eaf9a9123e2570f48b89a31b601ac
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected FormBook
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Maps a DLL or memory area into another process
Machine Learning detection for sample
.NET source code contains potential unpacker
Yara detected Generic Downloader
Queues an APC in another process (thread injection)
.NET source code contains very large array initializations
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to call native functions
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • FT - 08082022.exe (PID: 1144 cmdline: "C:\Users\user\Desktop\FT - 08082022.exe" MD5: 70B100EA1E1466A56A78D3A31DAE1E2A)
    • InstallUtil.exe (PID: 5412 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe MD5: EFEC8C379D165E3F33B536739AEE26A3)
      • explorer.exe (PID: 3616 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.mcphiecabinetry.site/iw01/"], "decoy": ["searchandreach.com", "exhaustinternational.com", "megadarknetz.online", "naiti.pro", "bizcon-h.com", "unitatem.com", "sangeetapallai.site", "tradingwithwallstreet.com", "wwwvestmed.com", "tendful.top", "sezonuyakala.com", "mindlabpublishing.com", "barnwoodconnection.com", "smokehighsociety.com", "axelarigatosaopaulo.com", "cadence.ink", "zhaokl.net", "lwz168.com", "aladdinmkstore.com", "beyondexpawtationpetcare.com", "buckscountyprolife.info", "myangel.today", "haxtrldesign.xyz", "inselite.com", "hamshor.com", "soulpets.net", "cassettebeauty.com", "begonvilrestaurant.com", "preciuss.info", "bbjmw.com", "engr360.site", "sv388vip.xyz", "wealthofawoman.net", "futuresmartafricanonprofit.net", "dgshanteng.com", "hongtaoshunshun.top", "thebrowandbeautyplug.com", "bkeight.xyz", "aaguiapousou.com", "swingsandthings.store", "pdsbxw.com", "925xd.com", "huntervalley.online", "dostuff.tech", "tgydf.com", "texasexchange.info", "ralonllc.net", "deneyimrulman.online", "1xbet-wix.top", "aqnest.net", "worthdisk.com", "bpw-finland.com", "secured-vision-unit.com", "bc6029.com", "theunrulyplot.co.uk", "mvvezasi.site", "saferhennepin.com", "sunscreensale.store", "sdplci.com", "sou1xia.net", "gzgztf.top", "airriflehunt.com", "accwatercraft.com", "rscorecalculator.com"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x6389:$a1: 3C 30 50 4F 53 54 74 09 40
    • 0x1ccf8:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xab07:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x159ef:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x9a40:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9cba:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x157ed:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x152d9:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x158ef:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x15a67:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa6d2:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x14554:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb3cb:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1ba5f:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ca62:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18981:$sqlite3step: 68 34 1C 7B E1
    • 0x18a94:$sqlite3step: 68 34 1C 7B E1
    • 0x189b0:$sqlite3text: 68 38 2A 90 C5
    • 0x18ad5:$sqlite3text: 68 38 2A 90 C5
    • 0x189c3:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18aeb:$sqlite3blob: 68 53 D8 7F 8C
    00000000.00000002.359453722.000000000D480000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      14.0.InstallUtil.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        14.0.InstallUtil.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x5451:$a1: 3C 30 50 4F 53 54 74 09 40
        • 0x1bdc0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0x9bcf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x14ab7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        14.0.InstallUtil.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1ab27:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1bb2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        14.0.InstallUtil.exe.400000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x17a49:$sqlite3step: 68 34 1C 7B E1
        • 0x17b5c:$sqlite3step: 68 34 1C 7B E1
        • 0x17a78:$sqlite3text: 68 38 2A 90 C5
        • 0x17b9d:$sqlite3text: 68 38 2A 90 C5
        • 0x17a8b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17bb3:$sqlite3blob: 68 53 D8 7F 8C
        0.2.FT - 08082022.exe.d480000.0.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          No Snort rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 14.0.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000000.471439159.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000000.445698170.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.353706396.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000000.336455722.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Antivirus / Scanner detection for submitted sample
          Source: FT - 08082022.exeAvira: detected
          Machine Learning detection for sample
          Source: FT - 08082022.exeJoe Sandbox ML: detected
          Source: 14.0.InstallUtil.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.mcphiecabinetry.site/iw01/"], "decoy": ["searchandreach.com", "exhaustinternational.com", "megadarknetz.online", "naiti.pro", "bizcon-h.com", "unitatem.com", "sangeetapallai.site", "tradingwithwallstreet.com", "wwwvestmed.com", "tendful.top", "sezonuyakala.com", "mindlabpublishing.com", "barnwoodconnection.com", "smokehighsociety.com", "axelarigatosaopaulo.com", "cadence.ink", "zhaokl.net", "lwz168.com", "aladdinmkstore.com", "beyondexpawtationpetcare.com", "buckscountyprolife.info", "myangel.today", "haxtrldesign.xyz", "inselite.com", "hamshor.com", "soulpets.net", "cassettebeauty.com", "begonvilrestaurant.com", "preciuss.info", "bbjmw.com", "engr360.site", "sv388vip.xyz", "wealthofawoman.net", "futuresmartafricanonprofit.net", "dgshanteng.com", "hongtaoshunshun.top", "thebrowandbeautyplug.com", "bkeight.xyz", "aaguiapousou.com", "swingsandthings.store", "pdsbxw.com", "925xd.com", "huntervalley.online", "dostuff.tech", "tgydf.com", "texasexchange.info", "ralonllc.net", "deneyimrulman.online", "1xbet-wix.top", "aqnest.net", "worthdisk.com", "bpw-finland.com", "secured-vision-unit.com", "bc6029.com", "theunrulyplot.co.uk", "mvvezasi.site", "saferhennepin.com", "sunscreensale.store", "sdplci.com", "sou1xia.net", "gzgztf.top", "airriflehunt.com", "accwatercraft.com", "rscorecalculator.com"]}
          Source: FT - 08082022.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: FT - 08082022.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: InstallUtil.exe, 0000000E.00000003.337295908.0000000000E55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000E.00000003.342676906.0000000000FF9000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: InstallUtil.exe, InstallUtil.exe, 0000000E.00000003.337295908.0000000000E55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000E.00000003.342676906.0000000000FF9000.00000004.00000800.00020000.00000000.sdmp

          Networking

          barindex
          Yara detected Generic Downloader
          Source: Yara matchFile source: 0.2.FT - 08082022.exe.d480000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.359453722.000000000D480000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.mcphiecabinetry.site/iw01/
          Source: FT - 08082022.exe, 00000000.00000002.346131077.0000000002D31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com
          Source: FT - 08082022.exe, 00000000.00000002.348247508.0000000002E4F000.00000004.00000800.00020000.00000000.sdmp, FT - 08082022.exe, 00000000.00000002.346772186.0000000002D7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
          Source: FT - 08082022.exe, 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, FT - 08082022.exe, 00000000.00000002.359453722.000000000D480000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
          Source: FT - 08082022.exe, 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, FT - 08082022.exe, 00000000.00000002.359453722.000000000D480000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 14.0.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000000.471439159.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000000.445698170.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.353706396.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000000.336455722.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 14.0.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 14.0.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 14.0.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000F.00000000.471439159.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000F.00000000.471439159.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000F.00000000.471439159.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000F.00000000.445698170.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000F.00000000.445698170.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000F.00000000.445698170.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.353706396.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.353706396.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.353706396.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000E.00000000.336455722.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000E.00000000.336455722.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000E.00000000.336455722.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.347927328.0000000002E22000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: FT - 08082022.exe PID: 1144, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: InstallUtil.exe PID: 5412, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          .NET source code contains very large array initializations
          Source: FT - 08082022.exe, iahb.csLarge array initialization: oqed: array initializer size 2000384
          Source: FT - 08082022.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 14.0.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 14.0.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 14.0.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000F.00000000.471439159.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000F.00000000.471439159.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000F.00000000.471439159.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000F.00000000.445698170.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000F.00000000.445698170.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000F.00000000.445698170.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.353706396.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.353706396.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.353706396.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000E.00000000.336455722.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000E.00000000.336455722.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000E.00000000.336455722.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.347927328.0000000002E22000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: FT - 08082022.exe PID: 1144, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: InstallUtil.exe PID: 5412, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: C:\Users\user\Desktop\FT - 08082022.exeCode function: 0_2_010BDAA50_2_010BDAA5
          Source: C:\Users\user\Desktop\FT - 08082022.exeCode function: 0_2_010BDAC00_2_010BDAC0
          Source: C:\Users\user\Desktop\FT - 08082022.exeCode function: 0_2_010BBF140_2_010BBF14
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BF90014_2_011BF900
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01282D0714_2_01282D07
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B0D2014_2_011B0D20
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011D412014_2_011D4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01281D5514_2_01281D55
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E258114_2_011E2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011CD5E014_2_011CD5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C841F14_2_011C841F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0127100214_2_01271002
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_012820A814_2_012820A8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011CB09014_2_011CB090
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E20A014_2_011E20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01282B2814_2_01282B28
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EEBB014_2_011EEBB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01281FF114_2_01281FF1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011D6E3014_2_011D6E30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_012822AE14_2_012822AE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01282EF714_2_01282EF7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: String function: 011BB150 appears 35 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9910 NtAdjustPrivilegesToken,LdrInitializeThunk,14_2_011F9910
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F99A0 NtCreateSection,LdrInitializeThunk,14_2_011F99A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F95D0 NtClose,LdrInitializeThunk,14_2_011F95D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9840 NtDelayExecution,LdrInitializeThunk,14_2_011F9840
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9860 NtQuerySystemInformation,LdrInitializeThunk,14_2_011F9860
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F98F0 NtReadVirtualMemory,LdrInitializeThunk,14_2_011F98F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9710 NtQueryInformationToken,LdrInitializeThunk,14_2_011F9710
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9780 NtMapViewOfSection,LdrInitializeThunk,14_2_011F9780
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9A00 NtProtectVirtualMemory,LdrInitializeThunk,14_2_011F9A00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9A50 NtCreateFile,LdrInitializeThunk,14_2_011F9A50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9660 NtAllocateVirtualMemory,LdrInitializeThunk,14_2_011F9660
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F96E0 NtFreeVirtualMemory,LdrInitializeThunk,14_2_011F96E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011FAD30 NtSetContextThread,14_2_011FAD30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9520 NtWaitForSingleObject,14_2_011F9520
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9950 NtQueueApcThread,14_2_011F9950
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9540 NtReadFile,14_2_011F9540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9560 NtWriteFile,14_2_011F9560
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F99D0 NtCreateProcessEx,14_2_011F99D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F95F0 NtQueryInformationFile,14_2_011F95F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9820 NtEnumerateKey,14_2_011F9820
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011FB040 NtSuspendThread,14_2_011FB040
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F98A0 NtWriteVirtualMemory,14_2_011F98A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011FA710 NtOpenProcessToken,14_2_011FA710
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9B00 NtSetValueKey,14_2_011F9B00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9730 NtQueryVirtualMemory,14_2_011F9730
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9770 NtSetInformationFile,14_2_011F9770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011FA770 NtOpenThread,14_2_011FA770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9760 NtOpenProcess,14_2_011F9760
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011FA3B0 NtGetContextThread,14_2_011FA3B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F97A0 NtUnmapViewOfSection,14_2_011F97A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9FE0 NtCreateMutant,14_2_011F9FE0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9610 NtEnumerateValueKey,14_2_011F9610
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9A10 NtQuerySection,14_2_011F9A10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9A20 NtResumeThread,14_2_011F9A20
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9650 NtQueryValueKey,14_2_011F9650
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9670 NtQueryInformationProcess,14_2_011F9670
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9A80 NtOpenDirectoryObject,14_2_011F9A80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F96D0 NtCreateKey,14_2_011F96D0
          Source: FT - 08082022.exe, 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameXkmjgdlcz.dll" vs FT - 08082022.exe
          Source: FT - 08082022.exe, 00000000.00000002.359453722.000000000D480000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameXkmjgdlcz.dll" vs FT - 08082022.exe
          Source: FT - 08082022.exe, 00000000.00000002.346337239.0000000002D45000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs FT - 08082022.exe
          Source: FT - 08082022.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\FT - 08082022.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\FT - 08082022.exe "C:\Users\user\Desktop\FT - 08082022.exe"
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FT - 08082022.exe.logJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@3/1@0/0
          Source: FT - 08082022.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\FT - 08082022.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: FT - 08082022.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
          Source: FT - 08082022.exeStatic file information: File size 2009088 > 1048576
          Source: FT - 08082022.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: FT - 08082022.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x1e9a00
          Source: FT - 08082022.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: InstallUtil.exe, 0000000E.00000003.337295908.0000000000E55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000E.00000003.342676906.0000000000FF9000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: InstallUtil.exe, InstallUtil.exe, 0000000E.00000003.337295908.0000000000E55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000E.00000003.342676906.0000000000FF9000.00000004.00000800.00020000.00000000.sdmp

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: FT - 08082022.exe, iaha.cs.Net Code: irug System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: C:\Users\user\Desktop\FT - 08082022.exeCode function: 0_2_010BEAB0 push esp; iretd 0_2_010BEDB1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0120D0D1 push ecx; ret 14_2_0120D0E4
          Source: initial sampleStatic PE information: section name: .text entropy: 6.846947333897607
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeRDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeRDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\FT - 08082022.exe TID: 5272Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F6DE6 rdtsc 14_2_011F6DE6
          Source: C:\Users\user\Desktop\FT - 08082022.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeAPI coverage: 4.5 %
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 0000000F.00000000.461776192.00000000051AC000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 0000000F.00000000.465900025.0000000006005000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000F.00000000.434370145.00000000051F7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: -94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}71USER
          Source: explorer.exe, 0000000F.00000000.465900025.0000000006005000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 0000000F.00000000.439500528.0000000005EAB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000F.00000000.373162972.0000000005137000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000F.00000000.434370145.00000000051F7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: FT - 08082022.exe, 00000000.00000003.237438564.0000000003D5A000.00000004.00000800.00020000.00000000.sdmp, FT - 08082022.exe, 00000000.00000000.234085669.0000000000682000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: KhGfStJh
          Source: explorer.exe, 0000000F.00000000.373162972.0000000005137000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 0000000F.00000000.465900025.0000000006005000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00dRom0cY
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F6DE6 rdtsc 14_2_011F6DE6
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0123A537 mov eax, dword ptr fs:[00000030h]14_2_0123A537
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B9100 mov eax, dword ptr fs:[00000030h]14_2_011B9100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B9100 mov eax, dword ptr fs:[00000030h]14_2_011B9100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B9100 mov eax, dword ptr fs:[00000030h]14_2_011B9100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01288D34 mov eax, dword ptr fs:[00000030h]14_2_01288D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E513A mov eax, dword ptr fs:[00000030h]14_2_011E513A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E513A mov eax, dword ptr fs:[00000030h]14_2_011E513A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E4D3B mov eax, dword ptr fs:[00000030h]14_2_011E4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E4D3B mov eax, dword ptr fs:[00000030h]14_2_011E4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E4D3B mov eax, dword ptr fs:[00000030h]14_2_011E4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C3D34 mov eax, dword ptr fs:[00000030h]14_2_011C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C3D34 mov eax, dword ptr fs:[00000030h]14_2_011C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C3D34 mov eax, dword ptr fs:[00000030h]14_2_011C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C3D34 mov eax, dword ptr fs:[00000030h]14_2_011C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C3D34 mov eax, dword ptr fs:[00000030h]14_2_011C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C3D34 mov eax, dword ptr fs:[00000030h]14_2_011C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C3D34 mov eax, dword ptr fs:[00000030h]14_2_011C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C3D34 mov eax, dword ptr fs:[00000030h]14_2_011C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C3D34 mov eax, dword ptr fs:[00000030h]14_2_011C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C3D34 mov eax, dword ptr fs:[00000030h]14_2_011C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C3D34 mov eax, dword ptr fs:[00000030h]14_2_011C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C3D34 mov eax, dword ptr fs:[00000030h]14_2_011C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C3D34 mov eax, dword ptr fs:[00000030h]14_2_011C3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BAD30 mov eax, dword ptr fs:[00000030h]14_2_011BAD30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011D4120 mov eax, dword ptr fs:[00000030h]14_2_011D4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011D4120 mov eax, dword ptr fs:[00000030h]14_2_011D4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011D4120 mov eax, dword ptr fs:[00000030h]14_2_011D4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011D4120 mov eax, dword ptr fs:[00000030h]14_2_011D4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011D4120 mov ecx, dword ptr fs:[00000030h]14_2_011D4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011D7D50 mov eax, dword ptr fs:[00000030h]14_2_011D7D50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011DB944 mov eax, dword ptr fs:[00000030h]14_2_011DB944
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011DB944 mov eax, dword ptr fs:[00000030h]14_2_011DB944
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F3D43 mov eax, dword ptr fs:[00000030h]14_2_011F3D43
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01233540 mov eax, dword ptr fs:[00000030h]14_2_01233540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BB171 mov eax, dword ptr fs:[00000030h]14_2_011BB171
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BB171 mov eax, dword ptr fs:[00000030h]14_2_011BB171
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011DC577 mov eax, dword ptr fs:[00000030h]14_2_011DC577
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011DC577 mov eax, dword ptr fs:[00000030h]14_2_011DC577
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BC962 mov eax, dword ptr fs:[00000030h]14_2_011BC962
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_012805AC mov eax, dword ptr fs:[00000030h]14_2_012805AC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_012805AC mov eax, dword ptr fs:[00000030h]14_2_012805AC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EFD9B mov eax, dword ptr fs:[00000030h]14_2_011EFD9B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EFD9B mov eax, dword ptr fs:[00000030h]14_2_011EFD9B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_012369A6 mov eax, dword ptr fs:[00000030h]14_2_012369A6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E2990 mov eax, dword ptr fs:[00000030h]14_2_011E2990
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B2D8A mov eax, dword ptr fs:[00000030h]14_2_011B2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B2D8A mov eax, dword ptr fs:[00000030h]14_2_011B2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B2D8A mov eax, dword ptr fs:[00000030h]14_2_011B2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B2D8A mov eax, dword ptr fs:[00000030h]14_2_011B2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B2D8A mov eax, dword ptr fs:[00000030h]14_2_011B2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EA185 mov eax, dword ptr fs:[00000030h]14_2_011EA185
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_012351BE mov eax, dword ptr fs:[00000030h]14_2_012351BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_012351BE mov eax, dword ptr fs:[00000030h]14_2_012351BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_012351BE mov eax, dword ptr fs:[00000030h]14_2_012351BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_012351BE mov eax, dword ptr fs:[00000030h]14_2_012351BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011DC182 mov eax, dword ptr fs:[00000030h]14_2_011DC182
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E2581 mov eax, dword ptr fs:[00000030h]14_2_011E2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E2581 mov eax, dword ptr fs:[00000030h]14_2_011E2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E2581 mov eax, dword ptr fs:[00000030h]14_2_011E2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E2581 mov eax, dword ptr fs:[00000030h]14_2_011E2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E1DB5 mov eax, dword ptr fs:[00000030h]14_2_011E1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E1DB5 mov eax, dword ptr fs:[00000030h]14_2_011E1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E1DB5 mov eax, dword ptr fs:[00000030h]14_2_011E1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E61A0 mov eax, dword ptr fs:[00000030h]14_2_011E61A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E61A0 mov eax, dword ptr fs:[00000030h]14_2_011E61A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E35A1 mov eax, dword ptr fs:[00000030h]14_2_011E35A1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_012441E8 mov eax, dword ptr fs:[00000030h]14_2_012441E8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01268DF1 mov eax, dword ptr fs:[00000030h]14_2_01268DF1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01236DC9 mov eax, dword ptr fs:[00000030h]14_2_01236DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01236DC9 mov eax, dword ptr fs:[00000030h]14_2_01236DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01236DC9 mov eax, dword ptr fs:[00000030h]14_2_01236DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01236DC9 mov ecx, dword ptr fs:[00000030h]14_2_01236DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01236DC9 mov eax, dword ptr fs:[00000030h]14_2_01236DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01236DC9 mov eax, dword ptr fs:[00000030h]14_2_01236DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BB1E1 mov eax, dword ptr fs:[00000030h]14_2_011BB1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BB1E1 mov eax, dword ptr fs:[00000030h]14_2_011BB1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BB1E1 mov eax, dword ptr fs:[00000030h]14_2_011BB1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011CD5E0 mov eax, dword ptr fs:[00000030h]14_2_011CD5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011CD5E0 mov eax, dword ptr fs:[00000030h]14_2_011CD5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271C06 mov eax, dword ptr fs:[00000030h]14_2_01271C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271C06 mov eax, dword ptr fs:[00000030h]14_2_01271C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271C06 mov eax, dword ptr fs:[00000030h]14_2_01271C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271C06 mov eax, dword ptr fs:[00000030h]14_2_01271C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271C06 mov eax, dword ptr fs:[00000030h]14_2_01271C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271C06 mov eax, dword ptr fs:[00000030h]14_2_01271C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271C06 mov eax, dword ptr fs:[00000030h]14_2_01271C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271C06 mov eax, dword ptr fs:[00000030h]14_2_01271C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271C06 mov eax, dword ptr fs:[00000030h]14_2_01271C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271C06 mov eax, dword ptr fs:[00000030h]14_2_01271C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271C06 mov eax, dword ptr fs:[00000030h]14_2_01271C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271C06 mov eax, dword ptr fs:[00000030h]14_2_01271C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271C06 mov eax, dword ptr fs:[00000030h]14_2_01271C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271C06 mov eax, dword ptr fs:[00000030h]14_2_01271C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0128740D mov eax, dword ptr fs:[00000030h]14_2_0128740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0128740D mov eax, dword ptr fs:[00000030h]14_2_0128740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0128740D mov eax, dword ptr fs:[00000030h]14_2_0128740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01236C0A mov eax, dword ptr fs:[00000030h]14_2_01236C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01236C0A mov eax, dword ptr fs:[00000030h]14_2_01236C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01236C0A mov eax, dword ptr fs:[00000030h]14_2_01236C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01236C0A mov eax, dword ptr fs:[00000030h]14_2_01236C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EBC2C mov eax, dword ptr fs:[00000030h]14_2_011EBC2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E002D mov eax, dword ptr fs:[00000030h]14_2_011E002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E002D mov eax, dword ptr fs:[00000030h]14_2_011E002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E002D mov eax, dword ptr fs:[00000030h]14_2_011E002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E002D mov eax, dword ptr fs:[00000030h]14_2_011E002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E002D mov eax, dword ptr fs:[00000030h]14_2_011E002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01237016 mov eax, dword ptr fs:[00000030h]14_2_01237016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01237016 mov eax, dword ptr fs:[00000030h]14_2_01237016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01237016 mov eax, dword ptr fs:[00000030h]14_2_01237016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011CB02A mov eax, dword ptr fs:[00000030h]14_2_011CB02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011CB02A mov eax, dword ptr fs:[00000030h]14_2_011CB02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011CB02A mov eax, dword ptr fs:[00000030h]14_2_011CB02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011CB02A mov eax, dword ptr fs:[00000030h]14_2_011CB02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01284015 mov eax, dword ptr fs:[00000030h]14_2_01284015
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01284015 mov eax, dword ptr fs:[00000030h]14_2_01284015
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011D0050 mov eax, dword ptr fs:[00000030h]14_2_011D0050
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011D0050 mov eax, dword ptr fs:[00000030h]14_2_011D0050
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01272073 mov eax, dword ptr fs:[00000030h]14_2_01272073
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EA44B mov eax, dword ptr fs:[00000030h]14_2_011EA44B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01281074 mov eax, dword ptr fs:[00000030h]14_2_01281074
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011D746D mov eax, dword ptr fs:[00000030h]14_2_011D746D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0124C450 mov eax, dword ptr fs:[00000030h]14_2_0124C450
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0124C450 mov eax, dword ptr fs:[00000030h]14_2_0124C450
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C849B mov eax, dword ptr fs:[00000030h]14_2_011C849B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B9080 mov eax, dword ptr fs:[00000030h]14_2_011B9080
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EF0BF mov ecx, dword ptr fs:[00000030h]14_2_011EF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EF0BF mov eax, dword ptr fs:[00000030h]14_2_011EF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EF0BF mov eax, dword ptr fs:[00000030h]14_2_011EF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01233884 mov eax, dword ptr fs:[00000030h]14_2_01233884
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01233884 mov eax, dword ptr fs:[00000030h]14_2_01233884
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F90AF mov eax, dword ptr fs:[00000030h]14_2_011F90AF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E20A0 mov eax, dword ptr fs:[00000030h]14_2_011E20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E20A0 mov eax, dword ptr fs:[00000030h]14_2_011E20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E20A0 mov eax, dword ptr fs:[00000030h]14_2_011E20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E20A0 mov eax, dword ptr fs:[00000030h]14_2_011E20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E20A0 mov eax, dword ptr fs:[00000030h]14_2_011E20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E20A0 mov eax, dword ptr fs:[00000030h]14_2_011E20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01236CF0 mov eax, dword ptr fs:[00000030h]14_2_01236CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01236CF0 mov eax, dword ptr fs:[00000030h]14_2_01236CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01236CF0 mov eax, dword ptr fs:[00000030h]14_2_01236CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_012714FB mov eax, dword ptr fs:[00000030h]14_2_012714FB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0124B8D0 mov eax, dword ptr fs:[00000030h]14_2_0124B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0124B8D0 mov ecx, dword ptr fs:[00000030h]14_2_0124B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0124B8D0 mov eax, dword ptr fs:[00000030h]14_2_0124B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0124B8D0 mov eax, dword ptr fs:[00000030h]14_2_0124B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0124B8D0 mov eax, dword ptr fs:[00000030h]14_2_0124B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0124B8D0 mov eax, dword ptr fs:[00000030h]14_2_0124B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B58EC mov eax, dword ptr fs:[00000030h]14_2_011B58EC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01288CD6 mov eax, dword ptr fs:[00000030h]14_2_01288CD6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011DF716 mov eax, dword ptr fs:[00000030h]14_2_011DF716
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EA70E mov eax, dword ptr fs:[00000030h]14_2_011EA70E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EA70E mov eax, dword ptr fs:[00000030h]14_2_011EA70E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0128070D mov eax, dword ptr fs:[00000030h]14_2_0128070D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0128070D mov eax, dword ptr fs:[00000030h]14_2_0128070D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EE730 mov eax, dword ptr fs:[00000030h]14_2_011EE730
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0124FF10 mov eax, dword ptr fs:[00000030h]14_2_0124FF10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0124FF10 mov eax, dword ptr fs:[00000030h]14_2_0124FF10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B4F2E mov eax, dword ptr fs:[00000030h]14_2_011B4F2E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B4F2E mov eax, dword ptr fs:[00000030h]14_2_011B4F2E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0127131B mov eax, dword ptr fs:[00000030h]14_2_0127131B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01288F6A mov eax, dword ptr fs:[00000030h]14_2_01288F6A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BF358 mov eax, dword ptr fs:[00000030h]14_2_011BF358
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BDB40 mov eax, dword ptr fs:[00000030h]14_2_011BDB40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011CEF40 mov eax, dword ptr fs:[00000030h]14_2_011CEF40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E3B7A mov eax, dword ptr fs:[00000030h]14_2_011E3B7A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E3B7A mov eax, dword ptr fs:[00000030h]14_2_011E3B7A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01288B58 mov eax, dword ptr fs:[00000030h]14_2_01288B58
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BDB60 mov ecx, dword ptr fs:[00000030h]14_2_011BDB60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011CFF60 mov eax, dword ptr fs:[00000030h]14_2_011CFF60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C8794 mov eax, dword ptr fs:[00000030h]14_2_011C8794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E2397 mov eax, dword ptr fs:[00000030h]14_2_011E2397
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01285BA5 mov eax, dword ptr fs:[00000030h]14_2_01285BA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EB390 mov eax, dword ptr fs:[00000030h]14_2_011EB390
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C1B8F mov eax, dword ptr fs:[00000030h]14_2_011C1B8F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C1B8F mov eax, dword ptr fs:[00000030h]14_2_011C1B8F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0126D380 mov ecx, dword ptr fs:[00000030h]14_2_0126D380
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0127138A mov eax, dword ptr fs:[00000030h]14_2_0127138A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E4BAD mov eax, dword ptr fs:[00000030h]14_2_011E4BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E4BAD mov eax, dword ptr fs:[00000030h]14_2_011E4BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E4BAD mov eax, dword ptr fs:[00000030h]14_2_011E4BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01237794 mov eax, dword ptr fs:[00000030h]14_2_01237794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01237794 mov eax, dword ptr fs:[00000030h]14_2_01237794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01237794 mov eax, dword ptr fs:[00000030h]14_2_01237794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_012353CA mov eax, dword ptr fs:[00000030h]14_2_012353CA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_012353CA mov eax, dword ptr fs:[00000030h]14_2_012353CA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F37F5 mov eax, dword ptr fs:[00000030h]14_2_011F37F5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011DDBE9 mov eax, dword ptr fs:[00000030h]14_2_011DDBE9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E03E2 mov eax, dword ptr fs:[00000030h]14_2_011E03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E03E2 mov eax, dword ptr fs:[00000030h]14_2_011E03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E03E2 mov eax, dword ptr fs:[00000030h]14_2_011E03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E03E2 mov eax, dword ptr fs:[00000030h]14_2_011E03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E03E2 mov eax, dword ptr fs:[00000030h]14_2_011E03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E03E2 mov eax, dword ptr fs:[00000030h]14_2_011E03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011D3A1C mov eax, dword ptr fs:[00000030h]14_2_011D3A1C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EA61C mov eax, dword ptr fs:[00000030h]14_2_011EA61C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EA61C mov eax, dword ptr fs:[00000030h]14_2_011EA61C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B5210 mov eax, dword ptr fs:[00000030h]14_2_011B5210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B5210 mov ecx, dword ptr fs:[00000030h]14_2_011B5210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B5210 mov eax, dword ptr fs:[00000030h]14_2_011B5210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B5210 mov eax, dword ptr fs:[00000030h]14_2_011B5210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BAA16 mov eax, dword ptr fs:[00000030h]14_2_011BAA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BAA16 mov eax, dword ptr fs:[00000030h]14_2_011BAA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C8A0A mov eax, dword ptr fs:[00000030h]14_2_011C8A0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0126FE3F mov eax, dword ptr fs:[00000030h]14_2_0126FE3F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BC600 mov eax, dword ptr fs:[00000030h]14_2_011BC600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BC600 mov eax, dword ptr fs:[00000030h]14_2_011BC600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BC600 mov eax, dword ptr fs:[00000030h]14_2_011BC600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E8E00 mov eax, dword ptr fs:[00000030h]14_2_011E8E00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01271608 mov eax, dword ptr fs:[00000030h]14_2_01271608
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F4A2C mov eax, dword ptr fs:[00000030h]14_2_011F4A2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F4A2C mov eax, dword ptr fs:[00000030h]14_2_011F4A2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011BE620 mov eax, dword ptr fs:[00000030h]14_2_011BE620
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0126B260 mov eax, dword ptr fs:[00000030h]14_2_0126B260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0126B260 mov eax, dword ptr fs:[00000030h]14_2_0126B260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01288A62 mov eax, dword ptr fs:[00000030h]14_2_01288A62
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B9240 mov eax, dword ptr fs:[00000030h]14_2_011B9240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B9240 mov eax, dword ptr fs:[00000030h]14_2_011B9240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B9240 mov eax, dword ptr fs:[00000030h]14_2_011B9240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B9240 mov eax, dword ptr fs:[00000030h]14_2_011B9240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C7E41 mov eax, dword ptr fs:[00000030h]14_2_011C7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C7E41 mov eax, dword ptr fs:[00000030h]14_2_011C7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C7E41 mov eax, dword ptr fs:[00000030h]14_2_011C7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C7E41 mov eax, dword ptr fs:[00000030h]14_2_011C7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C7E41 mov eax, dword ptr fs:[00000030h]14_2_011C7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C7E41 mov eax, dword ptr fs:[00000030h]14_2_011C7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F927A mov eax, dword ptr fs:[00000030h]14_2_011F927A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011DAE73 mov eax, dword ptr fs:[00000030h]14_2_011DAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011DAE73 mov eax, dword ptr fs:[00000030h]14_2_011DAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011DAE73 mov eax, dword ptr fs:[00000030h]14_2_011DAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011DAE73 mov eax, dword ptr fs:[00000030h]14_2_011DAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011DAE73 mov eax, dword ptr fs:[00000030h]14_2_011DAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C766D mov eax, dword ptr fs:[00000030h]14_2_011C766D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01244257 mov eax, dword ptr fs:[00000030h]14_2_01244257
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_012346A7 mov eax, dword ptr fs:[00000030h]14_2_012346A7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011ED294 mov eax, dword ptr fs:[00000030h]14_2_011ED294
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011ED294 mov eax, dword ptr fs:[00000030h]14_2_011ED294
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01280EA5 mov eax, dword ptr fs:[00000030h]14_2_01280EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01280EA5 mov eax, dword ptr fs:[00000030h]14_2_01280EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01280EA5 mov eax, dword ptr fs:[00000030h]14_2_01280EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0124FE87 mov eax, dword ptr fs:[00000030h]14_2_0124FE87
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011CAAB0 mov eax, dword ptr fs:[00000030h]14_2_011CAAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011CAAB0 mov eax, dword ptr fs:[00000030h]14_2_011CAAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011EFAB0 mov eax, dword ptr fs:[00000030h]14_2_011EFAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B52A5 mov eax, dword ptr fs:[00000030h]14_2_011B52A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B52A5 mov eax, dword ptr fs:[00000030h]14_2_011B52A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B52A5 mov eax, dword ptr fs:[00000030h]14_2_011B52A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B52A5 mov eax, dword ptr fs:[00000030h]14_2_011B52A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011B52A5 mov eax, dword ptr fs:[00000030h]14_2_011B52A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E36CC mov eax, dword ptr fs:[00000030h]14_2_011E36CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E2ACB mov eax, dword ptr fs:[00000030h]14_2_011E2ACB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F8EC7 mov eax, dword ptr fs:[00000030h]14_2_011F8EC7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_0126FEC0 mov eax, dword ptr fs:[00000030h]14_2_0126FEC0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E2AE4 mov eax, dword ptr fs:[00000030h]14_2_011E2AE4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011E16E0 mov ecx, dword ptr fs:[00000030h]14_2_011E16E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_01288ED6 mov eax, dword ptr fs:[00000030h]14_2_01288ED6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011C76E2 mov eax, dword ptr fs:[00000030h]14_2_011C76E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 14_2_011F9910 NtAdjustPrivilegesToken,LdrInitializeThunk,14_2_011F9910
          Source: C:\Users\user\Desktop\FT - 08082022.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Maps a DLL or memory area into another process
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread register set: target process: 3616Jump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeJump to behavior
          Source: explorer.exe, 0000000F.00000000.464889138.0000000005610000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.456251373.0000000000B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000000.464901492.0000000005E60000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 0000000F.00000000.456251373.0000000000B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000000.353721308.0000000000B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000000.492071081.00000000005C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 0000000F.00000000.456251373.0000000000B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000000.353721308.0000000000B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000000.428592787.0000000000B50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager,
          Source: explorer.exe, 0000000F.00000000.456251373.0000000000B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000000.353721308.0000000000B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000000.428592787.0000000000B50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\FT - 08082022.exeQueries volume information: C:\Users\user\Desktop\FT - 08082022.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\FT - 08082022.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 14.0.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000000.471439159.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000000.445698170.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.353706396.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000000.336455722.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 14.0.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000000.471439159.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000000.445698170.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.353706396.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000E.00000000.336455722.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsWindows Management InstrumentationPath Interception312
          Process Injection          		1
          Masquerading          		OS Credential Dumping121
          Security Software Discovery          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
          Disable or Modify Tools          		LSASS Memory2
          Process Discovery          		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
          Application Layer Protocol          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
          Virtualization/Sandbox Evasion          		Security Account Manager31
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)312
          Process Injection          		NTDS112
          System Information Discovery          		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common3
          Obfuscated Files or Information          		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items12
          Software Packing          		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          FT - 08082022.exe100%AviraHEUR/AGEN.1232160
          FT - 08082022.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          0.0.FT - 08082022.exe.680000.0.unpack100%AviraHEUR/AGEN.1232160Download File
          14.0.InstallUtil.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          www.mcphiecabinetry.site/iw01/0%Avira URL Cloudsafe
          http://james.newtonking.com/projects/json0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          www.mcphiecabinetry.site/iw01/true
          • Avira URL Cloud: safe
          		low

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          https://www.nuget.org/packages/Newtonsoft.Json.BsonFT - 08082022.exe, 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, FT - 08082022.exe, 00000000.00000002.359453722.000000000D480000.00000004.08000000.00040000.00000000.sdmpfalse
            		high
            http://google.comFT - 08082022.exe, 00000000.00000002.346131077.0000000002D31000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://james.newtonking.com/projects/jsonFT - 08082022.exe, 00000000.00000002.348247508.0000000002E4F000.00000004.00000800.00020000.00000000.sdmp, FT - 08082022.exe, 00000000.00000002.346772186.0000000002D7A000.00000004.00000800.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://www.newtonsoft.com/jsonschemaFT - 08082022.exe, 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, FT - 08082022.exe, 00000000.00000002.359453722.000000000D480000.00000004.08000000.00040000.00000000.sdmpfalse
                		high

                World Map of Contacted IPs

                No contacted IP infos

                General Information

                Joe Sandbox Version:35.0.0 Citrine
                Analysis ID:680396
                Start date and time: 08/08/202214:49:492022-08-08 14:49:49 +02:00
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 8m 16s
                Hypervisor based Inspection enabled:false
                Report type:full
                Sample file name:FT - 08082022.exe
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:22
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:1
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal100.troj.evad.winEXE@3/1@0/0
                EGA Information:
                • Successful, ratio: 100%
                HDC Information:
                • Successful, ratio: 92.5% (good quality ratio 79.3%)
                • Quality average: 70.5%
                • Quality standard deviation: 34.3%
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 31
                • Number of non-executed functions: 151
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Adjust boot time
                • Enable AMSI

                Warnings

                • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 23.211.6.115, 52.152.110.14, 20.54.89.106, 20.223.24.244, 40.125.122.176
                • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, e12564.dspb.akamaiedge.net, rp-consumer-prod-displaycatalog-geomap.trafficmanager.net, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                • Not all processes where analyzed, report is missing behavior information
                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.

                Simulations

                Behavior and APIs

                No simulations

                Joe Sandbox View / Context

                IPs

                No context

                Domains

                No context

                ASNs

                No context

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FT - 08082022.exe.log

                Download File
                Process:C:\Users\user\Desktop\FT - 08082022.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1537
                Entropy (8bit):5.3478589519339295
                Encrypted:false
                SSDEEP:48:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzvFHLHKdHKBqHKs:Pq5qXEwCYqhQnoPtIxHeqzNrqdq4qs
                MD5:F6D3657BD1FBEF54E7F7BACB2497E327
                SHA1:A0A712015C242DCC28B69CDF567F594627C9CFA0
                SHA-256:5B16B4A3E65F04484B12171163A2A739409FA7F8C3D69BF9BAD961618D973301
                SHA-512:0231195A111259A3AA48526DCBEA98394099794C710C3FB8E0E12E2B4D30C60FB4064F7F4F671866FB0D94585E23B73C1270440242B25DA60CCFFA82B0B74306
                Malicious:true
                Reputation:moderate, very likely benign file
                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                Static File Info

                General

                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Entropy (8bit):6.849185992513857
                TrID:
                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                • Win32 Executable (generic) a (10002005/4) 49.78%
                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                • Generic Win/DOS Executable (2004/3) 0.01%
                • DOS Executable Generic (2002/1) 0.01%
                File name:FT - 08082022.exe
                File size:2009088
                MD5:70b100ea1e1466a56a78d3a31dae1e2a
                SHA1:aa775a962d1a1714f06e15f03e244435b52eedfc
                SHA256:58f41297482040338766f554cca18e61888eaf9a9123e2570f48b89a31b601ac
                SHA512:ff41bda505f73c456dbded14078610abaed21dd4a4949d42b3079d3db19e5a623c78b2245e2a4bb88ddce27a59cbd4a4b3ae9ce8b304fbec6bfa6f097e47ac00
                SSDEEP:24576:OPR4a1YlrlM0iylybOe+5V0g3WqtkxOlhRdYWegGXzfMAw2:KxyAOe+5/31rjdYRf
                TLSH:DE957C15B0C228D84FFE066D2039CD09F4C8953898529E3968F3B6BFDBDE4465A56F0E
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b..............0.................. ........@.. ....................................`................................

                File Icon

                Icon Hash:b2a88c96b2ca6a72

                Static PE Info

                General

                Entrypoint:0x5eb9ce
                Entrypoint Section:.text
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Time Stamp:0x62F0C5B9 [Mon Aug 8 08:13:45 2022 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:4
                OS Version Minor:0
                File Version Major:4
                File Version Minor:0
                Subsystem Version Major:4
                Subsystem Version Minor:0
                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                Entrypoint Preview

                Instruction
                jmp dword ptr [00402000h]
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al

                Data Directories

                NameVirtual AddressVirtual Size Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IMPORT0x1eb9740x57.text
                IMAGE_DIRECTORY_ENTRY_RESOURCE0x1ec0000xa00.rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                IMAGE_DIRECTORY_ENTRY_BASERELOC0x1ee0000xc.reloc
                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                Sections

                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                .text0x20000x1e99d40x1e9a00False0.531388618521828data6.846947333897607IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                .rsrc0x1ec0000xa000xa00False0.426953125data4.30622895672951IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .reloc0x1ee0000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                Resources

                NameRVASizeTypeLanguageCountry
                RT_ICON0x1ec1000x2e8data
                RT_GROUP_ICON0x1ec3f80x14data
                RT_VERSION0x1ec41c0x3b6data
                RT_MANIFEST0x1ec7e40x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                Imports

                DLLImport
                mscoree.dll_CorExeMain

                Network Behavior

                No network behavior found

                Statistics

                CPU Usage

                Click to jump to process

                Memory Usage

                Click to jump to process

                High Level Behavior Distribution

                Click to dive into process behavior distribution

                Behavior

                Click to jump to process

                System Behavior

                General

                Target ID:0
                Start time:14:50:52
                Start date:08/08/2022
                Path:C:\Users\user\Desktop\FT - 08082022.exe
                Wow64 process (32bit):true
                Commandline:"C:\Users\user\Desktop\FT - 08082022.exe"
                Imagebase:0x680000
                File size:2009088 bytes
                MD5 hash:70B100EA1E1466A56A78D3A31DAE1E2A
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:.Net C# or VB.NET
                Yara matches:
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.354778776.0000000003E79000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.359453722.000000000D480000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.353706396.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.353706396.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.353706396.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.353706396.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.347927328.0000000002E22000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                Reputation:low

                General

                Target ID:14
                Start time:14:51:39
                Start date:08/08/2022
                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                Wow64 process (32bit):true
                Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                Imagebase:0x7c0000
                File size:41064 bytes
                MD5 hash:EFEC8C379D165E3F33B536739AEE26A3
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000000.336455722.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000000.336455722.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000000.336455722.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000000.336455722.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                Reputation:high

                General

                Target ID:15
                Start time:14:51:46
                Start date:08/08/2022
                Path:C:\Windows\explorer.exe
                Wow64 process (32bit):false
                Commandline:C:\Windows\Explorer.EXE
                Imagebase:0x7ff6f3b00000
                File size:3933184 bytes
                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000000.471439159.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000F.00000000.471439159.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000000.471439159.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000000.471439159.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000F.00000000.445698170.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000F.00000000.445698170.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000F.00000000.445698170.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000F.00000000.445698170.000000000D40C000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                Reputation:high

                Disassembly

                Reset < >

                  Execution Graph

                  Execution Coverage:10%
                  Dynamic/Decrypted Code Coverage:100%
                  Signature Coverage:0%
                  Total number of Nodes:134
                  Total number of Limit Nodes:12
                  execution_graph 13096 10b5d68 DuplicateHandle 13097 10b5dfe 13096->13097 13242 10bf238 13243 10bf2a0 CreateWindowExW 13242->13243 13245 10bf35c 13243->13245 13245->13245 13098 10b7600 13099 10b762e 13098->13099 13102 10b5740 13099->13102 13101 10b764e 13101->13101 13103 10b574b 13102->13103 13104 10b8446 13103->13104 13107 10b97e8 13103->13107 13112 10b97f8 13103->13112 13104->13101 13108 10b97f8 13107->13108 13109 10b983d 13108->13109 13117 10b9998 13108->13117 13121 10b99a8 13108->13121 13109->13104 13113 10b9819 13112->13113 13114 10b983d 13113->13114 13115 10b9998 GetModuleHandleW 13113->13115 13116 10b99a8 GetModuleHandleW 13113->13116 13114->13104 13115->13114 13116->13114 13118 10b99b5 13117->13118 13119 10b99ee 13118->13119 13125 10b7ce8 13118->13125 13119->13109 13122 10b99b5 13121->13122 13123 10b99ee 13122->13123 13124 10b7ce8 GetModuleHandleW 13122->13124 13123->13109 13124->13123 13126 10b7cf3 13125->13126 13128 10b9a60 13126->13128 13129 10b7d1c 13126->13129 13130 10b7d27 13129->13130 13132 10b9cbf 13130->13132 13136 10b5548 13130->13136 13143 10bd1f0 13132->13143 13152 10bd208 13132->13152 13133 10b9cf8 13133->13128 13137 10b5553 13136->13137 13139 10b81e6 13137->13139 13161 10baf08 13137->13161 13138 10b8224 13138->13132 13139->13138 13140 10b97e8 GetModuleHandleW 13139->13140 13141 10b97f8 GetModuleHandleW 13139->13141 13140->13138 13141->13138 13145 10bd239 13143->13145 13146 10bd32a 13143->13146 13144 10bd245 13144->13133 13145->13144 13173 10bd460 13145->13173 13177 10bd470 13145->13177 13146->13133 13147 10bd285 13180 10be432 13147->13180 13191 10be440 13147->13191 13154 10bd239 13152->13154 13156 10bd32a 13152->13156 13153 10bd245 13153->13133 13154->13153 13159 10bd460 GetModuleHandleW 13154->13159 13160 10bd470 GetModuleHandleW 13154->13160 13155 10bd285 13157 10be432 GetModuleHandleW 13155->13157 13158 10be440 GetModuleHandleW 13155->13158 13156->13133 13157->13156 13158->13156 13159->13155 13160->13155 13166 10b7f18 13161->13166 13164 10baf2b 13164->13139 13167 10bb5f0 GetModuleHandleW 13166->13167 13169 10baf1b 13167->13169 13169->13164 13170 10bb951 13169->13170 13171 10b7f18 GetModuleHandleW 13170->13171 13172 10bb974 13171->13172 13172->13164 13174 10bd470 13173->13174 13175 10baf08 GetModuleHandleW 13174->13175 13176 10bd479 13175->13176 13176->13147 13178 10baf08 GetModuleHandleW 13177->13178 13179 10bd479 13178->13179 13179->13147 13181 10be402 13180->13181 13182 10be43e 13180->13182 13181->13146 13201 10bc0fc 13182->13201 13185 10be4e8 13186 10b7f18 GetModuleHandleW 13185->13186 13187 10be511 13185->13187 13186->13187 13189 10bc0fc GetModuleHandleW 13189->13185 13192 10be46a 13191->13192 13193 10bc0fc GetModuleHandleW 13192->13193 13194 10be4cc 13193->13194 13198 10be898 GetModuleHandleW 13194->13198 13199 10bc0fc GetModuleHandleW 13194->13199 13200 10be940 GetModuleHandleW 13194->13200 13195 10be4e8 13196 10b7f18 GetModuleHandleW 13195->13196 13197 10be511 13195->13197 13196->13197 13197->13197 13198->13195 13199->13195 13200->13195 13202 10bc107 13201->13202 13203 10be4cc 13202->13203 13216 10beaa0 13202->13216 13226 10beab0 13202->13226 13203->13189 13206 10be940 13203->13206 13211 10be898 13203->13211 13207 10be96d 13206->13207 13208 10be9ee 13207->13208 13209 10beaa0 GetModuleHandleW 13207->13209 13210 10beab0 GetModuleHandleW 13207->13210 13209->13208 13210->13208 13212 10be8a8 13211->13212 13213 10be8b3 13212->13213 13214 10beaa0 GetModuleHandleW 13212->13214 13215 10beab0 GetModuleHandleW 13212->13215 13213->13185 13214->13213 13215->13213 13217 10beaa5 13216->13217 13218 10b7f18 GetModuleHandleW 13217->13218 13219 10beae9 13217->13219 13218->13219 13220 10b7f18 GetModuleHandleW 13219->13220 13225 10beca5 13219->13225 13221 10bec2b 13220->13221 13222 10b7f18 GetModuleHandleW 13221->13222 13221->13225 13223 10bec79 13222->13223 13224 10b7f18 GetModuleHandleW 13223->13224 13223->13225 13224->13225 13225->13203 13227 10beac5 13226->13227 13228 10b7f18 GetModuleHandleW 13227->13228 13229 10beae9 13227->13229 13228->13229 13230 10b7f18 GetModuleHandleW 13229->13230 13235 10beca5 13229->13235 13231 10bec2b 13230->13231 13232 10b7f18 GetModuleHandleW 13231->13232 13231->13235 13233 10bec79 13232->13233 13234 10b7f18 GetModuleHandleW 13233->13234 13233->13235 13234->13235 13235->13203 13236 10bf480 SetWindowLongW 13237 10bf4ec 13236->13237 13238 10bcfe0 13239 10bd028 LoadLibraryExW 13238->13239 13240 10bd022 13238->13240 13241 10bd059 13239->13241 13240->13239 13246 10b57d0 13247 10b57ef 13246->13247 13250 10b5378 13247->13250 13249 10b57f8 13251 10b5383 13250->13251 13254 10b5434 13251->13254 13253 10b5b19 13253->13249 13255 10b543f 13254->13255 13256 10b5548 GetModuleHandleW 13255->13256 13257 10b5c1d 13256->13257 13257->13253

                  Executed Functions

                  Function 010BF22C Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 0 10bf22c-10bf29e 2 10bf2a9-10bf2b0 0->2 3 10bf2a0-10bf2a6 0->3 4 10bf2bb-10bf2f3 2->4 5 10bf2b2-10bf2b8 2->5 3->2 6 10bf2fb-10bf35a CreateWindowExW 4->6 5->4 7 10bf35c-10bf362 6->7 8 10bf363-10bf39b 6->8 7->8 12 10bf3a8 8->12 13 10bf39d-10bf3a0 8->13 14 10bf3a9 12->14 13->12 14->14
                  APIs
                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 010BF34A
                  Memory Dump Source
                  • Source File: 00000000.00000002.342947068.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_10b0000_FT - 08082022.jbxd
                  Similarity
                  • API ID: CreateWindow
                  • String ID:
                  • API String ID: 716092398-0
                  • Opcode ID: e2e6c45003cd6ce1b8e771378fc42d51f6563344d2e49954218717e7622dd03f
                  • Instruction ID: dfa595f5e2c8e5c9aa5345ed300d08ec01c6698e1090693f1a3e2624d9a28742
                  • Opcode Fuzzy Hash: e2e6c45003cd6ce1b8e771378fc42d51f6563344d2e49954218717e7622dd03f
                  • Instruction Fuzzy Hash: 1551B0B1D003099FDF14CFAAC884ADEBFB5BF88314F64812AE419AB250D7749945CF90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 010BF238 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 15 10bf238-10bf29e 16 10bf2a9-10bf2b0 15->16 17 10bf2a0-10bf2a6 15->17 18 10bf2bb-10bf35a CreateWindowExW 16->18 19 10bf2b2-10bf2b8 16->19 17->16 21 10bf35c-10bf362 18->21 22 10bf363-10bf39b 18->22 19->18 21->22 26 10bf3a8 22->26 27 10bf39d-10bf3a0 22->27 28 10bf3a9 26->28 27->26 28->28
                  APIs
                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 010BF34A
                  Memory Dump Source
                  • Source File: 00000000.00000002.342947068.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_10b0000_FT - 08082022.jbxd
                  Similarity
                  • API ID: CreateWindow
                  • String ID:
                  • API String ID: 716092398-0
                  • Opcode ID: 213552de25505220c1b85819c34e5200c62fbf5e873055100cfd339054c1a880
                  • Instruction ID: b6b57d462ac7444c40dc4b8fbc8bc87ec5b663b0a95b7128c7963f078aa3c42e
                  • Opcode Fuzzy Hash: 213552de25505220c1b85819c34e5200c62fbf5e873055100cfd339054c1a880
                  • Instruction Fuzzy Hash: 2141AEB1D103099FDB14CFAAC884ADEBBB5BF88314F64812AE819AB250D7749945CF90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 010B5D68 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 34 10b5d68-10b5dfc DuplicateHandle 35 10b5dfe-10b5e04 34->35 36 10b5e05-10b5e22 34->36 35->36
                  APIs
                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 010B5DEF
                  Memory Dump Source
                  • Source File: 00000000.00000002.342947068.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_10b0000_FT - 08082022.jbxd
                  Similarity
                  • API ID: DuplicateHandle
                  • String ID:
                  • API String ID: 3793708945-0
                  • Opcode ID: a1f092fac835e4809e0a802a57678007cb34dec99da72a1095f4dc609dc078fe
                  • Instruction ID: fd6fd9116295adcd5ce2c4cafc34c61e81a65357f959c11d60131ab205616418
                  • Opcode Fuzzy Hash: a1f092fac835e4809e0a802a57678007cb34dec99da72a1095f4dc609dc078fe
                  • Instruction Fuzzy Hash: 8F21E2B59002089FDB10CFAAD884ADEBBF8EB48324F14801AE954A3350D378A944CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 010B5D60 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 29 10b5d60-10b5dfc DuplicateHandle 30 10b5dfe-10b5e04 29->30 31 10b5e05-10b5e22 29->31 30->31
                  APIs
                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 010B5DEF
                  Memory Dump Source
                  • Source File: 00000000.00000002.342947068.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_10b0000_FT - 08082022.jbxd
                  Similarity
                  • API ID: DuplicateHandle
                  • String ID:
                  • API String ID: 3793708945-0
                  • Opcode ID: 8253bc787eb7b28d0db46fab214142687a8071880665d61a79e76788a6a31bb6
                  • Instruction ID: 6df94736a4e75090104c161e26cd037188af345e19e2127d06c34db56564180c
                  • Opcode Fuzzy Hash: 8253bc787eb7b28d0db46fab214142687a8071880665d61a79e76788a6a31bb6
                  • Instruction Fuzzy Hash: 9E21E4B5D002089FDF10CFA9D984AEEBBF4EB48324F14841AE955B3750D374A944CFA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 010BCFD8 Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 39 10bcfd8-10bd020 40 10bd028-10bd057 LoadLibraryExW 39->40 41 10bd022-10bd025 39->41 42 10bd059-10bd05f 40->42 43 10bd060-10bd07d 40->43 41->40 42->43
                  APIs
                  • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 010BD04A
                  Memory Dump Source
                  • Source File: 00000000.00000002.342947068.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_10b0000_FT - 08082022.jbxd
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  • Opcode ID: 62c1b33047c7e8b5a249a139305aa2af9f69fb3f13af32d5d847dd0b169eef22
                  • Instruction ID: 0271a3e434d99eb93d2fad412449b8da64813ec1076c63665a971c81216b9ab2
                  • Opcode Fuzzy Hash: 62c1b33047c7e8b5a249a139305aa2af9f69fb3f13af32d5d847dd0b169eef22
                  • Instruction Fuzzy Hash: 821114B69002088FDB10CF9AD484BDEFBF4AB48324F04842EE559A7710C378A945CFA5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 010BCFE0 Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 46 10bcfe0-10bd020 47 10bd028-10bd057 LoadLibraryExW 46->47 48 10bd022-10bd025 46->48 49 10bd059-10bd05f 47->49 50 10bd060-10bd07d 47->50 48->47 49->50
                  APIs
                  • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 010BD04A
                  Memory Dump Source
                  • Source File: 00000000.00000002.342947068.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_10b0000_FT - 08082022.jbxd
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  • Opcode ID: 3e84ddd3dfb20da22c48d2a4cb7237428fc44045b81496003c7f912715e50c6f
                  • Instruction ID: 1ecf485613f74a18f071de14e459a2bd6b9e796c4bac6b567b9834b4ee9dc402
                  • Opcode Fuzzy Hash: 3e84ddd3dfb20da22c48d2a4cb7237428fc44045b81496003c7f912715e50c6f
                  • Instruction Fuzzy Hash: BE1112B69002088FDB10CF9AC484BDEFBF4AB88324F00842AE559A7710C379A945CFA5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 010B7F18 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 53 10b7f18-10bb630 55 10bb638-10bb663 GetModuleHandleW 53->55 56 10bb632-10bb635 53->56 57 10bb66c-10bb680 55->57 58 10bb665-10bb66b 55->58 56->55 58->57
                  APIs
                  • GetModuleHandleW.KERNELBASE(00000000), ref: 010BB656
                  Memory Dump Source
                  • Source File: 00000000.00000002.342947068.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_10b0000_FT - 08082022.jbxd
                  Similarity
                  • API ID: HandleModule
                  • String ID:
                  • API String ID: 4139908857-0
                  • Opcode ID: e67b422867891a50f1e1f69d4c0e9a7e3ed72f4cda85154ba2d866dee75b7cf9
                  • Instruction ID: 467b6a072a33ceac818112bfd30af4b438efe83a28f39ae64bb70a412d928d41
                  • Opcode Fuzzy Hash: e67b422867891a50f1e1f69d4c0e9a7e3ed72f4cda85154ba2d866dee75b7cf9
                  • Instruction Fuzzy Hash: 391102B2C006498FDB10DF9AC484BDEFBF4EB88324F14845AD559B7610D378A945CFA5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 010BB5E8 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 60 10bb5e8-10bb630 61 10bb638-10bb663 GetModuleHandleW 60->61 62 10bb632-10bb635 60->62 63 10bb66c-10bb680 61->63 64 10bb665-10bb66b 61->64 62->61 64->63
                  APIs
                  • GetModuleHandleW.KERNELBASE(00000000), ref: 010BB656
                  Memory Dump Source
                  • Source File: 00000000.00000002.342947068.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_10b0000_FT - 08082022.jbxd
                  Similarity
                  • API ID: HandleModule
                  • String ID:
                  • API String ID: 4139908857-0
                  • Opcode ID: 219ccf1cd476772728260fd5314321c36289f05d689648c0ed6bc2baa069b1c9
                  • Instruction ID: e8b1cd75a919544cbdf1b5d5e3dc45f7622a0d39e75a3f1d7932f5f9494dbd44
                  • Opcode Fuzzy Hash: 219ccf1cd476772728260fd5314321c36289f05d689648c0ed6bc2baa069b1c9
                  • Instruction Fuzzy Hash: 931113B5C002498FDB10CF9AC484BDEFBF4AF88224F14845AD569B7610C378A545CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 010BF480 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 66 10bf480-10bf4ea SetWindowLongW 67 10bf4ec-10bf4f2 66->67 68 10bf4f3-10bf507 66->68 67->68
                  APIs
                  • SetWindowLongW.USER32(?,?,?), ref: 010BF4DD
                  Memory Dump Source
                  • Source File: 00000000.00000002.342947068.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_10b0000_FT - 08082022.jbxd
                  Similarity
                  • API ID: LongWindow
                  • String ID:
                  • API String ID: 1378638983-0
                  • Opcode ID: 0815c03ec3f53e0f008d15f9fef080d3bfc0f2518970b71c474477d9a2184048
                  • Instruction ID: f1d9e0a1fa8bf3cff54a0176f5b50813bec027f096af8d3a5f7e2aa5a3f5cc36
                  • Opcode Fuzzy Hash: 0815c03ec3f53e0f008d15f9fef080d3bfc0f2518970b71c474477d9a2184048
                  • Instruction Fuzzy Hash: EB1112B58002098FDB10CF9AD884BDEBBF8EB48324F10841AE959B3700C378A944CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 010BF47A Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 70 10bf47a-10bf4ea SetWindowLongW 71 10bf4ec-10bf4f2 70->71 72 10bf4f3-10bf507 70->72 71->72
                  APIs
                  • SetWindowLongW.USER32(?,?,?), ref: 010BF4DD
                  Memory Dump Source
                  • Source File: 00000000.00000002.342947068.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_10b0000_FT - 08082022.jbxd
                  Similarity
                  • API ID: LongWindow
                  • String ID:
                  • API String ID: 1378638983-0
                  • Opcode ID: f78d99c498dd7c9cfad9d9f307ef3088308392d3201c90b6ef935f2cf01fc900
                  • Instruction ID: cdae345e0580514930f85bbbb10d39e4c709b6c78c82f9586fc6091cace3266c
                  • Opcode Fuzzy Hash: f78d99c498dd7c9cfad9d9f307ef3088308392d3201c90b6ef935f2cf01fc900
                  • Instruction Fuzzy Hash: 511112B58002098FDB10CF99D585BDEFBF8EB48324F10841AD959B3740C378A944CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0105D4E0 Relevance: .1, Instructions: 75COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.342128270.000000000105D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0105D000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_105d000_FT - 08082022.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ca0faa85ebd5dbf541f78d5478f5d7a422a02d4e29cc384a0e35851ea68c1424
                  • Instruction ID: 44d7e62de18061233731d9a44422097fb8e9cdd7ad2b679d342c983298cb933d
                  • Opcode Fuzzy Hash: ca0faa85ebd5dbf541f78d5478f5d7a422a02d4e29cc384a0e35851ea68c1424
                  • Instruction Fuzzy Hash: DC2103B1504240DFDB41DF54D9C0B2BBFA5FB8832CF2485AAED4A4B656C336D845CBA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0106D01C Relevance: .1, Instructions: 72COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.342523921.000000000106D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0106D000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_106d000_FT - 08082022.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c7a39dc10e74708ce188ef4370eb571750072d973666a58344e1ca7ae2972981
                  • Instruction ID: 1b4c50cd013ba046da8590b7347a6cc4ee1a011ebc75b81431c54c8343f25f73
                  • Opcode Fuzzy Hash: c7a39dc10e74708ce188ef4370eb571750072d973666a58344e1ca7ae2972981
                  • Instruction Fuzzy Hash: 6C210375604240DFEB11CF54D9C0B26BBA9EB84254F24C9ADE8894B646C33AD806CBA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0106D238 Relevance: .1, Instructions: 70COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.342523921.000000000106D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0106D000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_106d000_FT - 08082022.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e4831fca7c50b6c3eb1e5b2d5fcc03263ec04c175c7e4b589f51cb92d030d4aa
                  • Instruction ID: 7aaec6ba41e786506e775323e527016f253707b5253e95289888cd2307dc9130
                  • Opcode Fuzzy Hash: e4831fca7c50b6c3eb1e5b2d5fcc03263ec04c175c7e4b589f51cb92d030d4aa
                  • Instruction Fuzzy Hash: B32108B1604241DFD741DF58D5C0B2ABBA9FB94624F24C56DD8C94B641C335D805C7A1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0106D006 Relevance: .1, Instructions: 62COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.342523921.000000000106D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0106D000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_106d000_FT - 08082022.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7daf1f7dafa9e53496d05447073ad9e00642dce3c2a7549c07f4d92bbc678e77
                  • Instruction ID: 47aa6dbf2702270f908848ce3f64c610032d0574081cfe771c82c4c6feabe417
                  • Opcode Fuzzy Hash: 7daf1f7dafa9e53496d05447073ad9e00642dce3c2a7549c07f4d92bbc678e77
                  • Instruction Fuzzy Hash: DE2192755093C09FDB13CF24D990B15BFB1EB46214F28C5DAD8898B657C33AD80ACB62
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0105D4DB Relevance: .1, Instructions: 56COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.342128270.000000000105D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0105D000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_105d000_FT - 08082022.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 70e3174f8edcb6d955f2eaa729e5c8d0859060427c3956fb55596ee94f2e5266
                  • Instruction ID: 7347096c754dad9640fa12a1ba58a143493996ef0237588131ed714564d12914
                  • Opcode Fuzzy Hash: 70e3174f8edcb6d955f2eaa729e5c8d0859060427c3956fb55596ee94f2e5266
                  • Instruction Fuzzy Hash: 5211AF76404280DFDB52CF54D5C4B16BFB1FB88328F28C6AADD494B616C336D45ACBA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0106D233 Relevance: .1, Instructions: 51COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.342523921.000000000106D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0106D000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_106d000_FT - 08082022.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ecfd962ddb88dcdb9094388b0bda8894407d59dd2f08d27956c406bb9c6de772
                  • Instruction ID: 889f21905ed0f99cd80c5da23f2ddb111bff58851c49eeebe525729864b29329
                  • Opcode Fuzzy Hash: ecfd962ddb88dcdb9094388b0bda8894407d59dd2f08d27956c406bb9c6de772
                  • Instruction Fuzzy Hash: D011E771504280DFD742CF58D6C0B15FFB1FB94324F24C6AAD88847646C339D44ACB51
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Non-executed Functions

                  Function 010BDAC0 Relevance: .3, Instructions: 315COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.342947068.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_10b0000_FT - 08082022.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bb637e21167d7d91d07d9c9e073cebb6f5d4ecf2a0833eac755647935d9ae582
                  • Instruction ID: c3fe0f36c2aa8fbc99e0c4b4c56b5f62721a64c8333f24721e37d29f96590cf3
                  • Opcode Fuzzy Hash: bb637e21167d7d91d07d9c9e073cebb6f5d4ecf2a0833eac755647935d9ae582
                  • Instruction Fuzzy Hash: 3312C5B14137668AE330CF69EC981897BB0B745329F914209DEE11FAD8D7BE114ACF46
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 010BBF14 Relevance: .3, Instructions: 265COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.342947068.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_10b0000_FT - 08082022.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7fb5c8cfd51e6379c410973e2b3bd226fa8d280d0c0c95d77535ae14024695f2
                  • Instruction ID: 4cc674131589f620f6426a7caaaec0a10c7b621cebd734ae3b4e0133ecf9aae8
                  • Opcode Fuzzy Hash: 7fb5c8cfd51e6379c410973e2b3bd226fa8d280d0c0c95d77535ae14024695f2
                  • Instruction Fuzzy Hash: B3A16F32E1021A8FDF05DFA5C9849DEBBF2FF85300B15856AE945BB221EB71A905CF40
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 010BDAA5 Relevance: .2, Instructions: 226COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.342947068.00000000010B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010B0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_10b0000_FT - 08082022.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 918fdb28efe8effe8830a8999f8a96e91775f2048c95d85208ade91822cfd5a7
                  • Instruction ID: 01063bda1e7fc0e77d4438e0c4aa985a342568ee5b4301569d7185cca68470d8
                  • Opcode Fuzzy Hash: 918fdb28efe8effe8830a8999f8a96e91775f2048c95d85208ade91822cfd5a7
                  • Instruction Fuzzy Hash: A8C145B18137668BD320CF68EC881897BB0BB85328F514209DDE16F6D8D7BE114ACF95
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Execution Graph

                  Execution Coverage:0.7%
                  Dynamic/Decrypted Code Coverage:100%
                  Signature Coverage:54.4%
                  Total number of Nodes:1408
                  Total number of Limit Nodes:60
                  execution_graph 15040 1282b28 15046 1282b46 15040->15046 15041 1282bbf 15052 127a80d 15041->15052 15042 1282bd3 15044 1282c15 15042->15044 15045 1282c36 15042->15045 15047 127a80d 27 API calls 15044->15047 15056 128241a 15045->15056 15046->15041 15046->15042 15050 1282bce 15047->15050 15049 1282c4a 15049->15050 15060 1283209 RtlDebugPrintTimes 15049->15060 15053 127a84e 15052->15053 15054 127a81c 15052->15054 15053->15050 15064 126ff41 15054->15064 15057 128242f 15056->15057 15059 128246c 15057->15059 15146 12822ae 15057->15146 15059->15049 15061 1283242 15060->15061 15062 11fb640 __cftof 11 API calls 15061->15062 15063 128324d 15062->15063 15063->15050 15065 126ff4d __cftof 15064->15065 15066 126ffaf __cftof 15065->15066 15068 1272073 15065->15068 15066->15053 15078 126fd22 15068->15078 15070 127207d 15071 1272085 15070->15071 15072 12720a4 15070->15072 15081 1268df1 15071->15081 15073 12720be 15072->15073 15089 1271c06 GetPEB 15072->15089 15073->15066 15079 11f9670 __cftof LdrInitializeThunk 15078->15079 15080 126fd3d 15079->15080 15080->15070 15145 120d0e8 15081->15145 15083 1268dfd GetPEB 15084 1268e10 15083->15084 15085 1245720 __cftof 11 API calls 15084->15085 15086 1268e2f __cftof 15084->15086 15085->15086 15087 120d130 __cftof 11 API calls 15086->15087 15088 1268ebd 15087->15088 15088->15066 15090 1271c20 GetPEB 15089->15090 15091 1271c3d 15089->15091 15093 11bb150 __cftof 11 API calls 15090->15093 15092 11bb150 __cftof 11 API calls 15091->15092 15094 1271c3a 15092->15094 15093->15094 15095 11bb150 __cftof 11 API calls 15094->15095 15096 1271c5a GetPEB 15095->15096 15098 1271ce7 GetPEB 15096->15098 15099 1271d04 15096->15099 15100 11bb150 __cftof 11 API calls 15098->15100 15101 11bb150 __cftof 11 API calls 15099->15101 15102 1271d01 15100->15102 15101->15102 15103 11bb150 __cftof 11 API calls 15102->15103 15104 1271d1c 15103->15104 15105 1271d27 GetPEB 15104->15105 15130 1271d66 15104->15130 15107 1271d32 GetPEB 15105->15107 15108 1271d4f 15105->15108 15106 1271d70 GetPEB 15112 1271d7b GetPEB 15106->15112 15113 1271d98 15106->15113 15110 11bb150 __cftof 11 API calls 15107->15110 15111 11bb150 __cftof 11 API calls 15108->15111 15109 1271db9 GetPEB 15114 1271dc4 GetPEB 15109->15114 15115 1271de1 15109->15115 15116 1271d4c 15110->15116 15111->15116 15117 11bb150 __cftof 11 API calls 15112->15117 15120 11bb150 __cftof 11 API calls 15113->15120 15121 11bb150 __cftof 11 API calls 15114->15121 15122 11bb150 __cftof 11 API calls 15115->15122 15126 11bb150 __cftof 11 API calls 15116->15126 15127 1271d95 15117->15127 15118 1271df8 15119 1271e0a GetPEB 15118->15119 15123 1271e52 GetPEB 15118->15123 15124 1271e15 GetPEB 15119->15124 15125 1271e32 15119->15125 15120->15127 15129 1271dde 15121->15129 15122->15129 15131 1271e5d GetPEB 15123->15131 15132 1271e7a 15123->15132 15133 11bb150 __cftof 11 API calls 15124->15133 15128 11bb150 __cftof 11 API calls 15125->15128 15126->15130 15134 11bb150 __cftof 11 API calls 15127->15134 15137 1271e2f 15128->15137 15136 11bb150 __cftof 11 API calls 15129->15136 15130->15106 15135 1271daf 15130->15135 15138 11bb150 __cftof 11 API calls 15131->15138 15139 11bb150 __cftof 11 API calls 15132->15139 15133->15137 15134->15135 15135->15109 15135->15118 15136->15118 15140 11bb150 __cftof 11 API calls 15137->15140 15141 1271e77 15138->15141 15139->15141 15142 1271e4f 15140->15142 15143 11bb150 __cftof 11 API calls 15141->15143 15142->15123 15144 1271e90 GetPEB 15143->15144 15144->15073 15145->15083 15147 12822dd 15146->15147 15149 12823ee 15147->15149 15150 1282fbd 15147->15150 15149->15057 15151 1282fe4 15150->15151 15152 12830a2 RtlDebugPrintTimes 15151->15152 15153 1283074 RtlDebugPrintTimes 15151->15153 15154 1283089 15152->15154 15153->15154 15155 11fb640 __cftof 11 API calls 15154->15155 15156 12830f0 15155->15156 15156->15149 15157 11b1190 15158 11b11a0 15157->15158 15160 11b11be 15157->15160 15158->15160 15161 11b11e0 15158->15161 15163 11b1204 15161->15163 15162 11fb640 __cftof 11 API calls 15164 11b1296 15162->15164 15163->15162 15164->15160 14402 1285ba5 14403 1285bb4 __cftof 14402->14403 14409 1285c10 14403->14409 14411 1285c2a __cftof 14403->14411 14413 1284c56 14403->14413 14423 120d130 14409->14423 14410 12860cf GetPEB 14410->14411 14411->14409 14411->14410 14412 11f9710 LdrInitializeThunk 14411->14412 14417 11f6de6 14411->14417 14412->14411 14414 1284c62 __cftof 14413->14414 14415 120d130 __cftof 11 API calls 14414->14415 14416 1284caa 14415->14416 14416->14411 14419 11f6e03 14417->14419 14422 11f6e73 14417->14422 14420 11f6e53 14419->14420 14419->14422 14426 11f6ebe 14419->14426 14420->14422 14434 11e6a60 14420->14434 14422->14411 14424 11fb640 __cftof 11 API calls 14423->14424 14425 120d13a 14424->14425 14425->14425 14439 11ceef0 14426->14439 14429 11f6f0d 14444 11ceb70 14429->14444 14432 11f6f48 14432->14419 14433 11f6eeb 14433->14429 14450 11f7742 14433->14450 14456 12684e0 14433->14456 14435 11e6a8d __cftof 14434->14435 14436 1228025 14434->14436 14435->14436 14437 11fb640 __cftof 11 API calls 14435->14437 14438 11e6b66 14437->14438 14438->14422 14440 11cef0c 14439->14440 14441 11cef21 14439->14441 14440->14433 14442 11cef29 14441->14442 14462 11cef40 14441->14462 14442->14433 14445 11ceb81 14444->14445 14449 11ceb9e 14444->14449 14447 11cebac 14445->14447 14445->14449 14726 124ff10 14445->14726 14447->14449 14720 11b4dc0 14447->14720 14449->14432 14451 11f7827 14450->14451 14454 11f7768 __cftof 14450->14454 14451->14433 14453 11ceef0 26 API calls 14453->14454 14454->14451 14454->14453 14455 11ceb70 33 API calls 14454->14455 14796 11f9660 LdrInitializeThunk 14454->14796 14455->14454 14457 1268511 14456->14457 14458 11ceb70 33 API calls 14457->14458 14459 1268556 14458->14459 14460 11ceef0 26 API calls 14459->14460 14461 12685f1 14460->14461 14461->14433 14463 11cf0bd 14462->14463 14464 11cef5d 14462->14464 14463->14464 14500 11b9080 14463->14500 14467 11cf071 14464->14467 14469 11cf042 14464->14469 14470 11b2d8a 14464->14470 14467->14440 14468 11cf053 GetPEB 14468->14467 14469->14467 14469->14468 14471 11b2df1 __cftof 14470->14471 14472 11b2db8 14470->14472 14475 120f9d0 GetPEB 14471->14475 14476 120f9e3 GetPEB 14471->14476 14481 11b2e5a 14471->14481 14504 11d7d50 GetPEB 14471->14504 14517 124fe87 14471->14517 14524 124fdda 14471->14524 14530 124ffb9 14471->14530 14538 1245720 14471->14538 14472->14471 14473 11b2de7 14472->14473 14506 11b2e9f 14472->14506 14473->14471 14510 11e1624 14473->14510 14475->14476 14476->14471 14482 11b2e61 14481->14482 14488 11b2e99 __cftof 14481->14488 14483 11b2e69 14482->14483 14484 11d7d50 GetPEB 14482->14484 14483->14464 14486 120fa76 14484->14486 14489 120fa8a 14486->14489 14490 120fa7a GetPEB 14486->14490 14487 11b2ece 14487->14464 14488->14487 14553 11f95d0 LdrInitializeThunk 14488->14553 14489->14483 14492 120fa97 GetPEB 14489->14492 14490->14489 14492->14483 14494 120faaa 14492->14494 14495 11d7d50 GetPEB 14494->14495 14496 120faaf 14495->14496 14497 120fac3 14496->14497 14498 120fab3 GetPEB 14496->14498 14497->14483 14541 1237016 14497->14541 14498->14497 14501 11b9098 14500->14501 14502 11b909e GetPEB 14500->14502 14501->14502 14503 11b90aa 14502->14503 14503->14464 14505 11d7d5d 14504->14505 14505->14471 14507 11b2ebb __cftof 14506->14507 14509 11b2ece 14507->14509 14554 11f95d0 LdrInitializeThunk 14507->14554 14509->14473 14555 11e16e0 14510->14555 14512 11e1630 14516 11e1691 14512->14516 14559 11e16c7 14512->14559 14515 11e165a 14515->14516 14566 11ea185 14515->14566 14516->14471 14518 11d7d50 GetPEB 14517->14518 14519 124fec1 14518->14519 14520 124fec5 GetPEB 14519->14520 14521 124fed5 __cftof 14519->14521 14520->14521 14592 11fb640 14521->14592 14523 124fef8 14523->14471 14525 124fdff __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 14524->14525 14526 1245720 __cftof 11 API calls 14525->14526 14527 124fe0f 14526->14527 14528 1245720 __cftof 11 API calls 14527->14528 14529 124fe39 14528->14529 14529->14471 14531 124ffc8 __cftof 14530->14531 14669 11ee730 14531->14669 14680 11bb171 14538->14680 14542 1237052 14541->14542 14543 1237073 GetPEB 14542->14543 14548 1237084 14542->14548 14543->14548 14544 1237136 14546 11fb640 __cftof 11 API calls 14544->14546 14545 1237125 GetPEB 14545->14544 14547 1237147 14546->14547 14547->14483 14548->14544 14549 11d7d50 GetPEB 14548->14549 14552 1237101 __cftof 14548->14552 14550 12370ec 14549->14550 14551 12370f0 GetPEB 14550->14551 14550->14552 14551->14552 14552->14544 14552->14545 14553->14487 14554->14509 14556 11e16ed 14555->14556 14557 11e16f3 GetPEB 14556->14557 14558 11e16f1 14556->14558 14557->14558 14558->14512 14560 11e16da 14559->14560 14561 12255f4 14559->14561 14560->14515 14571 126bbf0 14561->14571 14565 122560a 14567 11ea192 14566->14567 14568 11ea1a0 14566->14568 14567->14516 14568->14567 14569 11ea1b0 GetPEB 14568->14569 14570 11ea1c1 14569->14570 14570->14516 14572 126bc12 14571->14572 14573 12255fb 14572->14573 14579 126c08a 14572->14579 14573->14565 14575 126bf33 14573->14575 14576 126bf4c 14575->14576 14578 126bf97 14576->14578 14587 126be9b 14576->14587 14578->14565 14580 126c0c6 14579->14580 14582 126c104 __cftof 14580->14582 14583 126bfdb 14580->14583 14582->14573 14585 126bfeb 14583->14585 14586 126bfef 14583->14586 14584 126bdfa LdrInitializeThunk 14584->14585 14585->14582 14586->14584 14586->14585 14588 126beb3 14587->14588 14589 126bf08 14588->14589 14591 11f9660 LdrInitializeThunk 14588->14591 14589->14578 14591->14589 14593 11fb64b 14592->14593 14594 11fb648 14592->14594 14597 126b590 14593->14597 14594->14523 14596 11fb74a __cftof 14596->14523 14600 126b260 14597->14600 14599 126b5a3 14599->14596 14658 120d08c 14600->14658 14602 126b26c GetPEB 14603 126b279 GetPEB 14602->14603 14605 126b293 14603->14605 14606 126b2ba 14605->14606 14607 126b48b 14605->14607 14657 126b54b 14605->14657 14608 126b2c6 14606->14608 14609 126b414 14606->14609 14610 1245720 __cftof 9 API calls 14607->14610 14612 126b2ce 14608->14612 14613 126b32d 14608->14613 14615 1245720 __cftof 9 API calls 14609->14615 14614 126b49e 14610->14614 14611 126b56b __cftof 14611->14599 14617 126b2f3 14612->14617 14618 126b2da 14612->14618 14624 126b396 14613->14624 14630 126b34d 14613->14630 14653 126b2eb 14613->14653 14622 1245720 __cftof 9 API calls 14614->14622 14619 126b427 14615->14619 14621 1245720 __cftof 9 API calls 14617->14621 14620 1245720 __cftof 9 API calls 14618->14620 14623 1245720 __cftof 9 API calls 14619->14623 14620->14653 14626 126b302 14621->14626 14627 126b4c2 14622->14627 14629 126b43e 14623->14629 14628 1245720 __cftof 9 API calls 14624->14628 14625 1245720 __cftof 9 API calls 14632 126b4fd 14625->14632 14633 1245720 __cftof 9 API calls 14626->14633 14634 126b4cc 14627->14634 14640 126b320 14627->14640 14635 126b3aa 14628->14635 14636 1245720 __cftof 9 API calls 14629->14636 14631 1245720 __cftof 9 API calls 14630->14631 14643 126b361 14631->14643 14645 1245720 __cftof 9 API calls 14632->14645 14650 126b519 14632->14650 14637 126b311 14633->14637 14638 1245720 __cftof 9 API calls 14634->14638 14639 126b3b6 14635->14639 14644 126b38f 14635->14644 14636->14640 14647 1245720 __cftof 9 API calls 14637->14647 14638->14653 14648 1245720 __cftof 9 API calls 14639->14648 14641 1245720 __cftof 9 API calls 14640->14641 14640->14653 14641->14653 14642 126b371 14654 1245720 __cftof 9 API calls 14642->14654 14643->14642 14643->14644 14649 1245720 __cftof 9 API calls 14644->14649 14645->14650 14646 1245720 __cftof 9 API calls 14651 126b528 14646->14651 14647->14640 14652 126b3c5 14648->14652 14649->14653 14650->14646 14656 1245720 __cftof 9 API calls 14651->14656 14651->14657 14655 1245720 __cftof 9 API calls 14652->14655 14653->14625 14654->14653 14655->14653 14656->14657 14657->14611 14659 1240c30 14657->14659 14658->14602 14660 1240c50 14659->14660 14663 1240c49 14659->14663 14661 124193b __cftof LdrInitializeThunk 14660->14661 14662 1240c5e 14661->14662 14662->14663 14664 1241c76 __cftof LdrInitializeThunk 14662->14664 14663->14611 14665 1240c70 14664->14665 14666 1240fec __cftof 11 API calls 14665->14666 14667 1240c91 14666->14667 14668 124193b __cftof LdrInitializeThunk 14667->14668 14668->14663 14675 11f9670 14669->14675 14677 11f967a 14675->14677 14678 11f968f LdrInitializeThunk 14677->14678 14679 11f9681 14677->14679 14681 11bb180 __cftof 14680->14681 14682 11bb1b0 GetPEB 14681->14682 14688 11bb1c0 __cftof 14681->14688 14682->14688 14683 120d130 __cftof 9 API calls 14684 11bb1de 14683->14684 14684->14471 14686 1214904 GetPEB 14687 11bb1d1 __cftof 14686->14687 14687->14683 14688->14686 14688->14687 14690 11fe2d0 14688->14690 14693 11fe2ed 14690->14693 14692 11fe2e8 14692->14688 14694 11fe30f 14693->14694 14695 11fe2fb 14693->14695 14697 11fe332 14694->14697 14698 11fe31e 14694->14698 14702 11fb58e 14695->14702 14707 1202440 14697->14707 14699 11fb58e __cftof 11 API calls 14698->14699 14701 11fe307 _vswprintf_s 14699->14701 14701->14692 14703 11bb150 __cftof 11 API calls 14702->14703 14704 11fb627 14703->14704 14705 11fb640 __cftof 11 API calls 14704->14705 14706 11fb632 14705->14706 14706->14701 14708 120249a 14707->14708 14709 12024af 14707->14709 14710 11fb58e __cftof 11 API calls 14708->14710 14711 12024b7 14709->14711 14718 12024cc __aulldvrm _vswprintf_s 14709->14718 14713 12024a4 14710->14713 14712 11fb58e __cftof 11 API calls 14711->14712 14712->14713 14714 11fb640 __cftof 11 API calls 14713->14714 14715 1202d6e 14714->14715 14715->14701 14716 1202d4f 14717 11fb58e __cftof 11 API calls 14716->14717 14717->14713 14718->14713 14718->14716 14719 12058ee 11 API calls __cftof 14718->14719 14719->14718 14721 11b4dfa 14720->14721 14723 11b4dd1 __cftof 14720->14723 14722 11b2e9f LdrInitializeThunk 14721->14722 14722->14723 14725 11b4df3 14723->14725 14742 11b4f2e 14723->14742 14725->14449 14795 120d0e8 14726->14795 14728 124ff1c GetPEB 14729 124ff43 GetPEB 14728->14729 14730 124ff2b 14728->14730 14732 124ff6e 14729->14732 14733 124ff4f 14729->14733 14730->14729 14731 124ffb1 14730->14731 14734 120d130 __cftof 11 API calls 14731->14734 14736 11ee730 2 API calls 14732->14736 14735 1245720 __cftof 11 API calls 14733->14735 14738 124ffb6 14734->14738 14735->14732 14737 124ff7d __cftof 14736->14737 14739 124ffa4 14737->14739 14740 124ff94 RtlDebugPrintTimes 14737->14740 14738->14447 14739->14447 14741 124ffa3 14740->14741 14741->14447 14743 1210b85 14742->14743 14748 11b4f3e 14742->14748 14744 1210b8b GetPEB 14743->14744 14745 1210b9a 14743->14745 14744->14745 14746 1210b9f 14744->14746 14751 12888f5 14745->14751 14748->14743 14749 11b4f5b GetPEB 14748->14749 14749->14743 14750 11b4f6e 14749->14750 14750->14725 14752 1288901 __cftof 14751->14752 14757 11bcc50 14752->14757 14754 128891f __cftof 14755 120d130 __cftof 11 API calls 14754->14755 14756 1288946 14755->14756 14756->14746 14759 11bcc79 14757->14759 14758 11fb640 __cftof 11 API calls 14760 11bcc89 14758->14760 14762 11bcc7e 14759->14762 14763 11eb230 14759->14763 14760->14754 14762->14758 14764 11eb26a 14763->14764 14765 122a2f6 14763->14765 14764->14765 14767 122a2fd 14764->14767 14771 11eb2ab __cftof 14764->14771 14766 11fb640 __cftof 11 API calls 14769 11eb2d0 14766->14769 14768 11eb2b5 14767->14768 14781 1285ba5 14767->14781 14768->14765 14768->14766 14769->14762 14771->14768 14773 11bccc0 14771->14773 14775 11bcd04 14773->14775 14774 11bcd95 14774->14768 14775->14774 14791 11bb150 14775->14791 14778 11bb150 __cftof 11 API calls 14779 1214e14 14778->14779 14780 11bb150 __cftof 11 API calls 14779->14780 14780->14774 14782 1285bb4 __cftof 14781->14782 14784 1284c56 11 API calls 14782->14784 14788 1285c10 14782->14788 14790 1285c2a __cftof 14782->14790 14783 120d130 __cftof 11 API calls 14785 12863e5 14783->14785 14784->14790 14785->14768 14787 11f6de6 32 API calls 14787->14790 14788->14783 14789 12860cf GetPEB 14789->14790 14790->14787 14790->14788 14790->14789 14794 11f9710 LdrInitializeThunk 14790->14794 14792 11bb171 __cftof 11 API calls 14791->14792 14793 11bb16e 14792->14793 14793->14778 14794->14790 14795->14728 14796->14454 15029 11f95d0 LdrInitializeThunk 16000 11e36cc 16001 11e36e6 16000->16001 16002 11e36d4 GetPEB 16000->16002 16003 11e36e5 16002->16003 16004 11b9240 16005 11b924c __cftof 16004->16005 16006 11b925f 16005->16006 16022 11f95d0 LdrInitializeThunk 16005->16022 16023 11b9335 16006->16023 16010 11b9335 LdrInitializeThunk 16011 11b9276 16010->16011 16028 11f95d0 LdrInitializeThunk 16011->16028 16013 11b927e GetPEB 16014 11d77f0 16013->16014 16015 11b929a GetPEB 16014->16015 16016 11d77f0 16015->16016 16017 11b92b6 GetPEB 16016->16017 16019 11b92d2 16017->16019 16018 11b9330 16019->16018 16020 11b9305 GetPEB 16019->16020 16021 11b931f __cftof 16020->16021 16022->16006 16029 11f95d0 LdrInitializeThunk 16023->16029 16025 11b9342 16030 11f95d0 LdrInitializeThunk 16025->16030 16027 11b926b 16027->16010 16028->16013 16029->16025 16030->16027 15165 127bbbb 15166 127bbde 15165->15166 15171 127bd54 15166->15171 15168 127bc3c 15172 127bd63 15171->15172 15173 127bc04 15171->15173 15185 11e4e70 15172->15185 15173->15168 15175 127f9a1 15173->15175 15176 127f9d6 15175->15176 15193 128022c 15176->15193 15178 127f9e1 15179 127f9e7 15178->15179 15180 127fa16 15178->15180 15199 12805ac 15178->15199 15179->15168 15183 127fa1a __cftof 15180->15183 15215 128070d 15180->15215 15183->15179 15229 1280a13 15183->15229 15186 11e4e94 15185->15186 15187 11e4ec0 15185->15187 15189 11fb640 __cftof 11 API calls 15186->15189 15188 11e4ed6 RtlDebugPrintTimes 15187->15188 15192 11e4eeb 15187->15192 15188->15192 15190 11e4eac 15189->15190 15190->15173 15191 1268df1 12 API calls 15191->15186 15192->15186 15192->15191 15194 1280278 15193->15194 15198 12802c2 15194->15198 15237 1280ea5 15194->15237 15196 12802e9 15196->15178 15198->15196 15264 120cf85 15198->15264 15203 12805d1 15199->15203 15200 12806db 15200->15180 15201 1280652 15202 127a854 33 API calls 15201->15202 15205 1280672 15202->15205 15203->15200 15203->15201 15204 127a80d 27 API calls 15203->15204 15204->15201 15205->15200 15428 1281293 15205->15428 15208 11d7d50 GetPEB 15209 128069c 15208->15209 15210 12806b0 15209->15210 15211 12806a0 GetPEB 15209->15211 15210->15200 15212 12806ba GetPEB 15210->15212 15211->15210 15212->15200 15213 12806c9 15212->15213 15214 127138a 13 API calls 15213->15214 15214->15200 15216 1280734 15215->15216 15217 12807d2 15216->15217 15218 127afde 33 API calls 15216->15218 15217->15183 15219 1280782 15218->15219 15220 1281293 33 API calls 15219->15220 15221 128078e 15220->15221 15222 11d7d50 GetPEB 15221->15222 15223 1280793 15222->15223 15224 12807a7 15223->15224 15225 1280797 GetPEB 15223->15225 15224->15217 15226 12807b1 GetPEB 15224->15226 15225->15224 15226->15217 15227 12807c0 15226->15227 15432 12714fb 15227->15432 15230 1280a3c 15229->15230 15440 1280392 15230->15440 15233 120cf85 33 API calls 15234 1280aec 15233->15234 15235 1280b19 15234->15235 15236 1281074 35 API calls 15234->15236 15235->15179 15236->15235 15268 127ff69 15237->15268 15239 128105b 15241 1281055 15239->15241 15308 1281074 15239->15308 15240 1280f32 15274 127a854 15240->15274 15241->15198 15244 1280fab 15248 11d7d50 GetPEB 15244->15248 15245 1280ecb 15245->15239 15245->15240 15246 127a80d 27 API calls 15245->15246 15246->15240 15249 1280fcf 15248->15249 15251 1280fe3 15249->15251 15252 1280fd3 GetPEB 15249->15252 15250 1280f50 15250->15239 15250->15244 15282 12815b5 15250->15282 15253 1280fed GetPEB 15251->15253 15254 128100e 15251->15254 15252->15251 15253->15254 15256 1280ffc 15253->15256 15255 11d7d50 GetPEB 15254->15255 15258 1281013 15255->15258 15286 127138a 15256->15286 15259 1281027 15258->15259 15260 1281017 GetPEB 15258->15260 15261 1281041 15259->15261 15294 126fec0 15259->15294 15260->15259 15261->15241 15302 12752f8 15261->15302 15266 120cf98 15264->15266 15265 120cfb1 15265->15196 15266->15265 15267 12752f8 33 API calls 15266->15267 15267->15265 15269 127ff9f 15268->15269 15273 127ffd1 15268->15273 15272 127a80d 27 API calls 15269->15272 15269->15273 15270 127a854 33 API calls 15271 127fff1 15270->15271 15271->15245 15272->15273 15273->15270 15275 127a8c0 15274->15275 15276 127a941 15274->15276 15275->15276 15320 127f021 15275->15320 15278 127aa00 15276->15278 15324 12753d9 15276->15324 15280 11fb640 __cftof 11 API calls 15278->15280 15281 127aa10 15280->15281 15281->15250 15283 12815d0 15282->15283 15285 12815d7 15282->15285 15284 128165e LdrInitializeThunk 15283->15284 15284->15285 15285->15250 15287 12713af __cftof 15286->15287 15288 11d7d50 GetPEB 15287->15288 15289 12713d2 15288->15289 15290 12713d6 GetPEB 15289->15290 15291 12713e6 __cftof 15289->15291 15290->15291 15292 11fb640 __cftof 11 API calls 15291->15292 15293 127140b 15292->15293 15293->15254 15295 126fee5 __cftof 15294->15295 15296 11d7d50 GetPEB 15295->15296 15297 126ff02 15296->15297 15298 126ff06 GetPEB 15297->15298 15299 126ff16 __cftof 15297->15299 15298->15299 15300 11fb640 __cftof 11 API calls 15299->15300 15301 126ff3b 15300->15301 15301->15261 15303 12753c7 15302->15303 15304 1275321 15302->15304 15306 11fb640 __cftof 11 API calls 15303->15306 15305 1237b9c 33 API calls 15304->15305 15305->15303 15307 12753d5 15306->15307 15307->15241 15309 12810b0 15308->15309 15310 1281095 15308->15310 15386 127afde 15309->15386 15312 128165e LdrInitializeThunk 15310->15312 15312->15309 15314 11d7d50 GetPEB 15315 12810cd 15314->15315 15316 12810e1 15315->15316 15317 12810d1 GetPEB 15315->15317 15318 12810fa 15316->15318 15395 126fe3f 15316->15395 15317->15316 15318->15241 15321 127f03a 15320->15321 15338 127ee22 15321->15338 15325 12753f7 15324->15325 15326 1275552 15324->15326 15327 1275403 15325->15327 15328 12754eb 15325->15328 15329 1237b9c 33 API calls 15326->15329 15336 127547c 15326->15336 15330 1275481 15327->15330 15331 127540b 15327->15331 15333 1237b9c 33 API calls 15328->15333 15328->15336 15329->15336 15335 1237b9c 33 API calls 15330->15335 15330->15336 15331->15336 15370 1237b9c 15331->15370 15332 11fb640 __cftof 11 API calls 15334 12755bd 15332->15334 15333->15336 15334->15278 15335->15336 15336->15332 15339 127ee5d 15338->15339 15341 127ee73 15339->15341 15343 127ef09 15339->15343 15340 11fb640 __cftof 11 API calls 15342 127efd4 15340->15342 15348 127eef5 15341->15348 15349 127f607 15341->15349 15342->15276 15343->15348 15354 127f8c5 15343->15354 15348->15340 15352 127f626 15349->15352 15350 127eedd 15350->15348 15353 11f96e0 LdrInitializeThunk 15350->15353 15352->15350 15360 128165e 15352->15360 15353->15348 15355 127f8ea 15354->15355 15356 127f932 15355->15356 15357 127f607 LdrInitializeThunk 15355->15357 15356->15348 15358 127f90f 15357->15358 15358->15356 15369 11f96e0 LdrInitializeThunk 15358->15369 15362 128166a __cftof 15360->15362 15361 1281869 __cftof 15361->15352 15362->15361 15364 1281d55 15362->15364 15365 1281d61 __cftof 15364->15365 15366 1281fc5 __cftof 15365->15366 15368 11f96e0 LdrInitializeThunk 15365->15368 15366->15362 15368->15366 15369->15356 15373 11f1130 15370->15373 15376 11f115f 15373->15376 15377 122cd96 15376->15377 15378 11f11a8 15376->15378 15378->15377 15379 122cd9d 15378->15379 15383 11f11e9 __cftof 15378->15383 15381 1285ba5 33 API calls 15379->15381 15385 11f12bd 15379->15385 15380 11fb640 __cftof 11 API calls 15382 11f1159 15380->15382 15381->15385 15382->15336 15384 11bccc0 __cftof 11 API calls 15383->15384 15383->15385 15384->15385 15385->15377 15385->15380 15387 127b00a 15386->15387 15388 127b039 15386->15388 15387->15388 15389 127b00e 15387->15389 15393 127b035 15388->15393 15412 11f96e0 LdrInitializeThunk 15388->15412 15390 127b026 15389->15390 15403 127f209 15389->15403 15390->15314 15393->15390 15394 12753d9 33 API calls 15393->15394 15394->15390 15396 126fe64 __cftof 15395->15396 15397 11d7d50 GetPEB 15396->15397 15398 126fe81 15397->15398 15399 126fe85 GetPEB 15398->15399 15400 126fe95 __cftof 15398->15400 15399->15400 15401 11fb640 __cftof 11 API calls 15400->15401 15402 126feba 15401->15402 15402->15318 15404 127f23b 15403->15404 15405 127f241 15404->15405 15406 127f27a 15404->15406 15413 11f96e0 LdrInitializeThunk 15405->15413 15411 127f28f __cftof 15406->15411 15414 11f96e0 LdrInitializeThunk 15406->15414 15410 127f26d 15410->15393 15411->15410 15415 127f7dd 15411->15415 15412->15393 15413->15410 15414->15411 15416 127f803 15415->15416 15421 127f4a1 15416->15421 15420 127f82d 15420->15410 15422 127f4bc 15421->15422 15423 128165e LdrInitializeThunk 15422->15423 15425 127f4ea 15423->15425 15424 127f51c 15427 11f96e0 LdrInitializeThunk 15424->15427 15425->15424 15426 128165e LdrInitializeThunk 15425->15426 15426->15425 15427->15420 15429 1280697 15428->15429 15430 12812b2 15428->15430 15429->15208 15431 12752f8 33 API calls 15430->15431 15431->15429 15433 1271520 __cftof 15432->15433 15434 11d7d50 GetPEB 15433->15434 15435 1271543 15434->15435 15436 1271547 GetPEB 15435->15436 15437 1271557 __cftof 15435->15437 15436->15437 15438 11fb640 __cftof 11 API calls 15437->15438 15439 127157c 15438->15439 15439->15217 15443 12803a0 15440->15443 15441 1280589 15441->15233 15442 128070d 36 API calls 15442->15443 15443->15441 15443->15442 15445 125da47 15443->15445 15446 125da51 15445->15446 15450 125da9b 15445->15450 15446->15450 15451 11dc4a0 15446->15451 15450->15443 15471 11dc577 15451->15471 15453 11fb640 __cftof 11 API calls 15455 11dc545 15453->15455 15454 11dc4cc 15464 11dc52c 15454->15464 15479 11dc182 15454->15479 15455->15450 15465 127526e 15455->15465 15457 11dc515 15458 11dc519 15457->15458 15459 11dc565 15457->15459 15457->15464 15494 11ddbe9 15458->15494 15463 1222e61 RtlDebugPrintTimes 15459->15463 15459->15464 15460 11dc4f9 15460->15457 15460->15464 15512 11de180 15460->15512 15463->15464 15464->15453 15466 12752a4 15465->15466 15467 127528d 15465->15467 15469 11fb640 __cftof 11 API calls 15466->15469 15468 1237b9c 33 API calls 15467->15468 15468->15466 15470 12752af 15469->15470 15470->15450 15472 11dc5b5 15471->15472 15473 11dc583 15471->15473 15474 11dc5ce 15472->15474 15475 11dc5bb GetPEB 15472->15475 15473->15472 15478 11dc59e GetPEB 15473->15478 15476 12888f5 33 API calls 15474->15476 15475->15474 15477 11dc5ad 15475->15477 15476->15477 15477->15454 15478->15472 15478->15477 15480 11dc1c4 15479->15480 15493 11dc1a2 15479->15493 15481 11d7d50 GetPEB 15480->15481 15482 11dc1dc 15481->15482 15483 1222d65 GetPEB 15482->15483 15484 11dc1e4 15482->15484 15485 1222d78 15483->15485 15484->15485 15487 11dc1f2 15484->15487 15538 1288d34 15485->15538 15487->15493 15515 11dbb2d 15487->15515 15490 11dbb2d 27 API calls 15491 11dc227 15490->15491 15520 11db944 15491->15520 15493->15460 15495 11ddc05 15494->15495 15503 11ddc54 15495->15503 15568 11b4510 15495->15568 15496 11d7d50 GetPEB 15498 11ddd10 15496->15498 15500 11ddd18 15498->15500 15501 1223aff GetPEB 15498->15501 15504 1223b12 15500->15504 15505 11ddd29 15500->15505 15501->15504 15502 11bcc50 33 API calls 15502->15503 15503->15496 15576 1288ed6 15504->15576 15559 11ddd82 15505->15559 15507 1223b1b 15507->15507 15509 11ddd3b 15510 11db944 16 API calls 15509->15510 15511 11ddd45 15510->15511 15511->15464 15513 11dc577 35 API calls 15512->15513 15514 11de198 15513->15514 15514->15457 15516 11dbb33 15515->15516 15517 127a80d 27 API calls 15516->15517 15519 11dbb92 15516->15519 15518 1222d06 15517->15518 15519->15490 15521 11dbadd 15520->15521 15531 11db980 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 15520->15531 15523 11d7d50 GetPEB 15521->15523 15528 11dbab7 15521->15528 15522 11fb640 __cftof 11 API calls 15524 11dbad9 15522->15524 15525 11dbaee 15523->15525 15524->15493 15526 11dbaf6 15525->15526 15527 1222caf GetPEB 15525->15527 15526->15528 15545 1288cd6 15526->15545 15532 1222cc2 GetPEB 15527->15532 15528->15522 15529 11d7d50 GetPEB 15533 11dbaa1 15529->15533 15531->15528 15531->15529 15535 1222cd5 15532->15535 15533->15532 15534 11dbaa9 15533->15534 15534->15528 15534->15535 15552 1288f6a 15535->15552 15537 1222ce2 15537->15537 15539 11d7d50 GetPEB 15538->15539 15540 1288d5a 15539->15540 15541 1288d5e GetPEB 15540->15541 15542 1288d6e __cftof 15540->15542 15541->15542 15543 11fb640 __cftof 11 API calls 15542->15543 15544 1288d91 15543->15544 15544->15493 15546 11d7d50 GetPEB 15545->15546 15547 1288cf9 15546->15547 15548 1288cfd GetPEB 15547->15548 15549 1288d0d __cftof 15547->15549 15548->15549 15550 11fb640 __cftof 11 API calls 15549->15550 15551 1288d30 15550->15551 15551->15528 15553 11d7d50 GetPEB 15552->15553 15554 1288f9c 15553->15554 15555 1288fa0 GetPEB 15554->15555 15556 1288fb0 __cftof 15554->15556 15555->15556 15557 11fb640 __cftof 11 API calls 15556->15557 15558 1288fd3 15557->15558 15558->15537 15560 11dddbc 15559->15560 15561 11ceef0 26 API calls 15560->15561 15566 11dde19 15560->15566 15562 11dded7 15561->15562 15563 11ddf1f 15562->15563 15564 11ceb70 33 API calls 15562->15564 15563->15509 15565 11ddf0b 15564->15565 15565->15566 15583 11ddf70 15565->15583 15566->15509 15569 11b4523 15568->15569 15570 11b458f 15568->15570 15569->15570 15571 11bb150 __cftof 11 API calls 15569->15571 15570->15502 15572 12108f7 15571->15572 15573 11bb150 __cftof 11 API calls 15572->15573 15574 1210901 15573->15574 15575 11bb150 __cftof 11 API calls 15574->15575 15575->15570 15577 11d7d50 GetPEB 15576->15577 15578 1288f2f 15577->15578 15579 1288f43 __cftof 15578->15579 15580 1288f33 GetPEB 15578->15580 15581 11fb640 __cftof 11 API calls 15579->15581 15580->15579 15582 1288f66 15581->15582 15582->15507 15584 11ddf7c __cftof 15583->15584 15585 11ddfba 15584->15585 15586 11ddfe5 15584->15586 15604 11ddfbf 15584->15604 15605 11ce510 15585->15605 15590 11de07c 15586->15590 15591 11ddff2 15586->15591 15589 11ddfdf __cftof 15589->15566 15700 11ef8f2 15590->15700 15592 11ddffb 15591->15592 15593 11de075 15591->15593 15631 11e0075 15592->15631 15686 11e36e9 15593->15686 15597 11de000 15598 1223b30 15597->15598 15599 11de01e 15597->15599 15597->15604 15715 1235510 15598->15715 15599->15604 15659 11bb1e1 15599->15659 15622 11de090 15604->15622 15723 11cb02a GetPEB 15605->15723 15607 11ce8b4 15620 11ce8ec __cftof 15607->15620 15739 11c8794 15607->15739 15609 11ce95a 15609->15604 15610 11ce90c 15610->15604 15611 11ce8d0 15613 11cb02a 19 API calls 15611->15613 15611->15620 15612 11bb1e1 18 API calls 15614 121b98c 15612->15614 15613->15620 15615 121b7e9 15616 1235510 11 API calls 15615->15616 15615->15620 15616->15620 15617 11ce57e 15617->15607 15617->15609 15617->15615 15618 11ce783 15617->15618 15617->15620 15735 120cdfa 15617->15735 15619 1235510 11 API calls 15618->15619 15618->15620 15619->15620 15620->15610 15620->15612 15623 1223b90 15622->15623 15627 11de099 15622->15627 15624 11bb1e1 18 API calls 15623->15624 15625 1223ba6 15624->15625 15625->15625 15626 11de0e1 15626->15589 15627->15626 15628 11ceef0 26 API calls 15627->15628 15629 11de0bc 15628->15629 15630 11ceb70 33 API calls 15629->15630 15630->15626 15632 11e00d9 15631->15632 15641 11e00ea __cftof 15631->15641 15632->15641 15876 11dc07f 15632->15876 15635 11e0223 15637 11e022f 15635->15637 15638 11e02ba 15635->15638 15856 11e002d 15637->15856 15886 11ef99e 15638->15886 15641->15635 15763 11dfda0 15641->15763 15787 11ca8c0 15641->15787 15792 11e02f3 15641->15792 15802 11e02d6 15641->15802 15806 11e03e2 15641->15806 15890 11bad30 GetPEB 15641->15890 15643 11e023c 15648 1224c11 15643->15648 15649 11e024a 15643->15649 15650 11bad30 GetPEB 15648->15650 15651 11e02d6 GetPEB 15649->15651 15653 1224c1a 15650->15653 15654 11e026a 15651->15654 15653->15653 15655 11e0274 15654->15655 15882 11eb390 15654->15882 15657 11fb640 __cftof 11 API calls 15655->15657 15658 11e0287 15657->15658 15658->15597 15660 11d7d50 GetPEB 15659->15660 15661 11bb1f1 15660->15661 15662 11bb1f9 15661->15662 15663 1214a0e GetPEB 15661->15663 15664 1214a21 GetPEB 15662->15664 15671 11bb207 15662->15671 15663->15664 15665 1214a34 15664->15665 15664->15671 15666 11d7d50 GetPEB 15665->15666 15667 1214a39 15666->15667 15668 1214a4d 15667->15668 15669 1214a3d GetPEB 15667->15669 15670 1237016 15 API calls 15668->15670 15668->15671 15669->15668 15670->15671 15672 11baa16 15671->15672 15673 1214458 GetPEB 15672->15673 15674 11baa42 15672->15674 15675 11baa52 __cftof 15673->15675 15674->15673 15674->15675 15676 11baa64 15675->15676 15915 11e5e50 15675->15915 15677 11fb640 __cftof 11 API calls 15676->15677 15678 11baa71 15677->15678 15678->15604 15681 12144e6 15681->15676 15683 12144ee GetPEB 15681->15683 15682 11eb230 33 API calls 15684 12144db 15682->15684 15683->15676 15921 11bf7a0 15684->15921 15924 11c6a3a 15686->15924 15689 11e3792 15691 11e03e2 247 API calls 15689->15691 15699 11e37a5 15689->15699 15690 11e02f3 54 API calls 15693 11e3760 15690->15693 15691->15699 15692 11e37b9 15694 11fb640 __cftof 11 API calls 15692->15694 15693->15689 15697 11e37d0 15693->15697 15696 11e37cc 15694->15696 15695 11bad30 GetPEB 15695->15692 15696->15597 15698 11ef99e 65 API calls 15697->15698 15698->15699 15699->15692 15699->15695 15701 11ef948 15700->15701 15702 11ef97e 15701->15702 15703 11ef952 15701->15703 15939 11c6b6b 15702->15939 15704 11ef99e 65 API calls 15703->15704 15706 11ef959 15704->15706 15708 11ef967 15706->15708 15709 122bdad 15706->15709 15711 11fb640 __cftof 11 API calls 15708->15711 15710 11bad30 GetPEB 15709->15710 15713 122bdb6 15710->15713 15714 11ef97a 15711->15714 15712 11e03e2 247 API calls 15712->15706 15713->15713 15714->15597 15719 1235543 15715->15719 15716 1235612 15717 11fb640 __cftof 11 API calls 15716->15717 15718 123561f 15717->15718 15718->15604 15719->15716 15948 1235767 15719->15948 15722 11bb171 __cftof 11 API calls 15722->15716 15724 121a60b 15723->15724 15725 11cb046 15723->15725 15724->15725 15726 121a614 GetPEB 15724->15726 15727 121a627 GetPEB 15725->15727 15734 11cb054 15725->15734 15726->15725 15728 121a63a 15727->15728 15727->15734 15729 11d7d50 GetPEB 15728->15729 15730 121a63f 15729->15730 15731 121a643 GetPEB 15730->15731 15732 121a653 15730->15732 15731->15732 15733 1237016 15 API calls 15732->15733 15732->15734 15733->15734 15734->15617 15736 120ce1e 15735->15736 15737 11bc7f9 11 API calls 15736->15737 15738 120cec3 15736->15738 15737->15736 15738->15617 15740 11c87aa 15739->15740 15741 11c87bd 15739->15741 15742 11f9a00 LdrInitializeThunk 15740->15742 15743 11c87d1 15741->15743 15744 11c87fb GetPEB 15741->15744 15755 11c87f2 15741->15755 15742->15741 15745 11c87df 15743->15745 15746 11c849b 18 API calls 15743->15746 15749 11c8826 15744->15749 15747 11c934a 11 API calls 15745->15747 15745->15755 15746->15745 15748 11c87ea 15747->15748 15750 123a9d2 12 API calls 15748->15750 15748->15755 15752 11c8870 15749->15752 15758 11c893d 15749->15758 15759 11c88b4 15749->15759 15751 1219bfe 15750->15751 15753 1235510 11 API calls 15751->15753 15751->15755 15754 11c8a0a 38 API calls 15752->15754 15753->15755 15756 11c887b 15754->15756 15755->15611 15757 11e61a0 53 API calls 15756->15757 15756->15759 15761 11c891f 15757->15761 15758->15759 15760 11e61a0 53 API calls 15758->15760 15759->15611 15760->15761 15761->15759 15762 1289d2e 33 API calls 15761->15762 15762->15759 15764 12248e6 15763->15764 15765 11dfdf5 15763->15765 15766 1235510 11 API calls 15764->15766 15767 11e1e52 79 API calls 15765->15767 15771 11dfe01 15765->15771 15766->15771 15767->15771 15768 11dffc3 15769 11dffd8 15768->15769 15770 1224b0d 15768->15770 15772 11fb640 __cftof 11 API calls 15769->15772 15773 1235510 11 API calls 15770->15773 15771->15768 15775 11c6c0d GetPEB 15771->15775 15785 11dfe9a 15771->15785 15774 11dffe7 15772->15774 15776 1224b29 15773->15776 15774->15641 15775->15785 15777 11dff7f 15778 11dff8d 15777->15778 15780 1224a3b 15777->15780 15779 11e02d6 GetPEB 15778->15779 15783 11dff95 15779->15783 15780->15768 15782 11bb6f0 __cftof 11 API calls 15780->15782 15781 1243ad9 42 API calls 15781->15785 15782->15768 15783->15768 15784 11e002d 6 API calls 15783->15784 15784->15768 15785->15768 15785->15777 15785->15781 15786 11c6a3a 53 API calls 15785->15786 15786->15785 15788 11caab0 GetPEB GetPEB 15787->15788 15789 11ca8f5 15788->15789 15790 11fb640 __cftof 11 API calls 15789->15790 15791 11ca939 15790->15791 15791->15641 15793 11e0316 15792->15793 15794 11e035f RtlDebugPrintTimes 15793->15794 15801 11e031f 15793->15801 15797 11e0372 15794->15797 15795 11fb640 __cftof 11 API calls 15796 11e0331 15795->15796 15796->15641 15798 11e02d6 GetPEB 15797->15798 15797->15801 15799 1224c30 15798->15799 15800 11c6a3a 53 API calls 15799->15800 15800->15801 15801->15795 15803 11e02e9 15802->15803 15804 11e02e1 15802->15804 15803->15641 15805 11bad30 GetPEB 15804->15805 15805->15803 15807 11e0548 49 API calls 15806->15807 15808 11e0408 15807->15808 15809 11e0457 15808->15809 15810 11cb02a 19 API calls 15808->15810 15811 1224c84 GetPEB 15809->15811 15816 11e045f 15809->15816 15812 11e0429 15810->15812 15813 1224c97 GetPEB 15811->15813 15814 11d7d50 GetPEB 15812->15814 15815 1224caa 15813->15815 15829 11e046d 15813->15829 15814->15809 15817 11d7d50 GetPEB 15815->15817 15816->15813 15816->15829 15818 1224caf 15817->15818 15819 1224cc3 15818->15819 15820 1224cb3 GetPEB 15818->15820 15824 1237016 15 API calls 15819->15824 15819->15829 15820->15819 15821 11e0493 15822 11e0535 15821->15822 15823 11e04ac 15821->15823 15826 123a7ac 35 API calls 15821->15826 15825 11fb640 __cftof 11 API calls 15822->15825 15827 11f99a0 __cftof LdrInitializeThunk 15823->15827 15834 11e0524 15823->15834 15824->15829 15828 11e0544 15825->15828 15826->15823 15830 11e04c5 15827->15830 15828->15641 15829->15821 15831 12369a6 12 API calls 15829->15831 15832 1224d53 15830->15832 15833 11e04cf 15830->15833 15831->15829 15836 1233540 54 API calls 15832->15836 15847 1224d6b 15832->15847 15835 11d7d50 GetPEB 15833->15835 15834->15822 15838 11f95d0 __cftof LdrInitializeThunk 15834->15838 15837 11e04d4 15835->15837 15836->15847 15839 11e04dc 15837->15839 15840 1224dd8 GetPEB 15837->15840 15838->15822 15841 11e04ea 15839->15841 15842 1224deb GetPEB 15839->15842 15840->15842 15843 11e0500 15841->15843 15846 1224e3f RtlDebugPrintTimes 15841->15846 15842->15841 15844 1224dfe 15842->15844 15849 11e0511 15843->15849 15851 11c7f65 240 API calls 15843->15851 15848 11d7d50 GetPEB 15844->15848 15845 11bb1e1 18 API calls 15845->15837 15846->15843 15847->15845 15850 1224e03 15848->15850 15849->15822 15852 11f95d0 __cftof LdrInitializeThunk 15849->15852 15853 1224e17 15850->15853 15854 1224e07 GetPEB 15850->15854 15851->15849 15852->15834 15853->15841 15855 1237016 15 API calls 15853->15855 15854->15853 15855->15841 15857 11d7d50 GetPEB 15856->15857 15858 11e0037 15857->15858 15859 1224b31 GetPEB 15858->15859 15860 11e0049 15858->15860 15861 1224b41 15859->15861 15860->15861 15862 11e0059 15860->15862 15864 11d7d50 GetPEB 15861->15864 15863 11d7d50 GetPEB 15862->15863 15868 11e005e 15863->15868 15865 1224b46 15864->15865 15865->15868 15869 1224b4a GetPEB 15865->15869 15866 1224b66 GetPEB 15870 1224b76 GetPEB 15866->15870 15867 11e0066 15867->15870 15872 11e006f 15867->15872 15868->15866 15868->15867 15868->15872 15869->15868 15871 1224b89 15870->15871 15870->15872 15873 11d7d50 GetPEB 15871->15873 15872->15643 15892 1236dc9 GetPEB 15872->15892 15874 1224b8e 15873->15874 15874->15872 15875 1224b92 GetPEB 15874->15875 15875->15872 15877 11dc098 __cftof 15876->15877 15878 1235510 11 API calls 15877->15878 15880 120e232 15877->15880 15881 11dc0a0 15877->15881 15878->15880 15879 1236cf0 19 API calls 15879->15881 15880->15879 15881->15641 15885 11eb3aa 15882->15885 15883 11eb3dc GetPEB 15884 11eb3d3 15883->15884 15884->15655 15885->15883 15885->15884 15888 11ef9ba 15886->15888 15887 11efa3f 15887->15643 15888->15887 15889 11efab0 65 API calls 15888->15889 15889->15887 15891 11bad48 15890->15891 15891->15641 15893 1236e09 15892->15893 15894 11d7d50 GetPEB 15893->15894 15908 1236fd8 15893->15908 15895 1236e55 15894->15895 15896 1236e6e __cftof 15895->15896 15897 1236e5e GetPEB 15895->15897 15898 1236e82 GetPEB 15896->15898 15897->15896 15899 1236e93 15898->15899 15900 123795d 56 API calls 15899->15900 15899->15908 15901 1236eb1 15900->15901 15902 123795d 56 API calls 15901->15902 15901->15908 15903 1236ec8 15902->15903 15904 123795d 56 API calls 15903->15904 15905 1236ed9 15904->15905 15906 123795d 56 API calls 15905->15906 15907 1236eeb GetPEB 15906->15907 15909 1236f06 15907->15909 15908->15643 15909->15908 15910 11d7d50 GetPEB 15909->15910 15911 1236fa1 15910->15911 15912 1236fa5 GetPEB 15911->15912 15913 1236fb4 __cftof 15911->15913 15912->15913 15914 1236fc7 GetPEB 15913->15914 15914->15908 15916 11e5e5d 15915->15916 15917 11cf820 51 API calls 15916->15917 15919 11e5e76 15916->15919 15918 11e5e70 15917->15918 15918->15919 15920 11bcc50 33 API calls 15918->15920 15919->15681 15919->15682 15920->15919 15922 11bf7c0 35 API calls 15921->15922 15923 11bf7b5 15922->15923 15923->15681 15925 11c6a57 15924->15925 15926 121914e 15924->15926 15928 11f0adf 53 API calls 15925->15928 15929 11c6a66 15925->15929 15927 1235510 11 API calls 15926->15927 15934 11c6a98 __cftof 15927->15934 15928->15929 15931 11c6c0d GetPEB 15929->15931 15929->15934 15936 11c6ad1 15929->15936 15930 11c6b18 15930->15689 15930->15690 15931->15934 15932 1235510 11 API calls 15933 1219209 15932->15933 15935 11c6b6b 52 API calls 15934->15935 15934->15936 15938 11c6acb 15935->15938 15936->15930 15936->15932 15937 11e02d6 GetPEB 15937->15936 15938->15936 15938->15937 15940 11d4120 51 API calls 15939->15940 15941 11c6b99 15940->15941 15942 11c6ba5 15941->15942 15945 1219211 15941->15945 15943 11fb640 __cftof 11 API calls 15942->15943 15944 11c6be5 15943->15944 15944->15706 15944->15712 15946 11bad30 GetPEB 15945->15946 15947 1219219 15946->15947 15947->15947 15949 1235775 15948->15949 15950 12355f6 15949->15950 15951 12357a9 11 API calls 15949->15951 15950->15722 15951->15950 15952 11b1e04 15953 11b1e10 __cftof 15952->15953 15954 11b1e37 __cftof 15953->15954 15955 127a80d 27 API calls 15953->15955 15956 120f18b 15955->15956 15957 126d380 15958 126d393 15957->15958 15960 126d38c 15957->15960 15959 126d3a0 GetPEB 15958->15959 15959->15960 16031 12037cc 16032 12037db 16031->16032 16033 12037ea 16032->16033 16035 120590b 16032->16035 16036 1205917 16035->16036 16037 120592d 16035->16037 16038 11fb58e __cftof 11 API calls 16036->16038 16037->16033 16039 1205923 16038->16039 16039->16033 14797 11efab0 14798 11efb14 14797->14798 14799 11efac2 14797->14799 14800 11ceef0 26 API calls 14799->14800 14801 11efacd 14800->14801 14802 11efadf 14801->14802 14806 11efb18 14801->14806 14803 11ceb70 33 API calls 14802->14803 14804 11efaf1 14803->14804 14804->14798 14805 11efafa GetPEB 14804->14805 14805->14798 14807 11efb09 14805->14807 14812 122bdcb 14806->14812 14833 11c6d90 14806->14833 14843 11cff60 14807->14843 14811 122bea7 14813 11c76e2 GetPEB 14811->14813 14832 11efc4b 14811->14832 14812->14811 14815 11bb150 __cftof 11 API calls 14812->14815 14816 122be19 14812->14816 14813->14832 14814 11efba7 14818 11efbe4 14814->14818 14814->14832 14851 11efd22 14814->14851 14815->14816 14816->14811 14863 11c75ce 14816->14863 14820 122bf17 14818->14820 14821 11efc47 14818->14821 14818->14832 14822 11efd22 GetPEB 14820->14822 14820->14832 14823 11efd22 GetPEB 14821->14823 14821->14832 14825 122bf22 14822->14825 14826 11efcb2 14823->14826 14824 122be54 14827 122be92 14824->14827 14824->14832 14867 11c76e2 14824->14867 14829 11efd9b 3 API calls 14825->14829 14825->14832 14826->14832 14855 11efd9b 14826->14855 14827->14811 14831 11c76e2 GetPEB 14827->14831 14829->14832 14831->14811 14834 11c6dba 14833->14834 14836 11c6da4 14833->14836 14871 11f2e1c 14834->14871 14836->14812 14836->14814 14836->14832 14837 11c6dbf 14838 11ceef0 26 API calls 14837->14838 14839 11c6dca 14838->14839 14840 11c6dde 14839->14840 14876 11bdb60 14839->14876 14842 11ceb70 33 API calls 14840->14842 14842->14836 14844 11cff6d 14843->14844 14845 11cff99 14843->14845 14844->14845 14847 11cff80 GetPEB 14844->14847 14846 12888f5 33 API calls 14845->14846 14848 11cff94 14846->14848 14847->14845 14849 11cff8f 14847->14849 14848->14798 14988 11d0050 14849->14988 14852 11efd3a 14851->14852 14854 11efd31 __cftof 14851->14854 14852->14854 15024 11c7608 14852->15024 14854->14818 14856 11efdba GetPEB 14855->14856 14857 11efdcc 14855->14857 14856->14857 14858 11efdf2 14857->14858 14859 122c0bd 14857->14859 14862 11efdfc 14857->14862 14861 11c76e2 GetPEB 14858->14861 14858->14862 14860 122c0d3 GetPEB 14859->14860 14859->14862 14860->14862 14861->14862 14862->14832 14864 11c75db 14863->14864 14865 11c75eb 14863->14865 14864->14865 14866 11c7608 GetPEB 14864->14866 14865->14824 14866->14865 14868 11c76fd 14867->14868 14869 11c76e6 14867->14869 14868->14827 14869->14868 14870 11c76ec GetPEB 14869->14870 14870->14868 14872 11f2e32 14871->14872 14873 11f2e57 14872->14873 14884 11f9840 LdrInitializeThunk 14872->14884 14873->14837 14875 122df2e 14877 11bdb6d 14876->14877 14883 11bdb91 14876->14883 14877->14883 14885 11bdb40 GetPEB 14877->14885 14879 11bdb76 14879->14883 14887 11be7b0 14879->14887 14881 11bdb87 14882 1214fa6 GetPEB 14881->14882 14881->14883 14882->14883 14883->14840 14884->14875 14886 11bdb52 14885->14886 14886->14879 14888 11be7e0 14887->14888 14889 11be7ce 14887->14889 14890 11be7e8 14888->14890 14893 11bb150 __cftof 11 API calls 14888->14893 14889->14890 14895 11c3d34 14889->14895 14894 11be7f6 14890->14894 14934 11bdca4 14890->14934 14893->14890 14894->14881 14896 11c3d6c 14895->14896 14897 1218213 14895->14897 14950 11c1b8f 14896->14950 14901 121822b GetPEB 14897->14901 14921 11c4068 14897->14921 14899 11c3d81 14899->14897 14900 11c3d89 14899->14900 14902 11c1b8f 2 API calls 14900->14902 14901->14921 14903 11c3d9e 14902->14903 14904 11c3dba 14903->14904 14905 11c3da2 GetPEB 14903->14905 14906 11c1b8f 2 API calls 14904->14906 14905->14904 14907 11c3dd2 14906->14907 14909 11c3e91 14907->14909 14913 11c3deb GetPEB 14907->14913 14907->14921 14908 1218344 GetPEB 14910 11c407a 14908->14910 14912 11c1b8f 2 API calls 14909->14912 14911 11c4085 14910->14911 14915 1218363 GetPEB 14910->14915 14911->14888 14914 11c3ea9 14912->14914 14929 11c3dfc __cftof 14913->14929 14916 11c3f6a 14914->14916 14918 11c3ec2 GetPEB 14914->14918 14914->14921 14915->14911 14917 11c1b8f 2 API calls 14916->14917 14919 11c3f82 14917->14919 14925 11c3ed3 __cftof 14918->14925 14920 11c3f9b GetPEB 14919->14920 14919->14921 14928 11c3fac __cftof 14920->14928 14921->14908 14921->14910 14922 11c3e74 14922->14909 14924 11c3e81 GetPEB 14922->14924 14923 11c3e62 GetPEB 14923->14922 14924->14909 14925->14921 14926 11c3f3b GetPEB 14925->14926 14927 11c3f4d 14925->14927 14926->14927 14927->14916 14930 11c3f5a GetPEB 14927->14930 14928->14921 14931 11c404f 14928->14931 14932 1218324 GetPEB 14928->14932 14929->14921 14929->14922 14929->14923 14930->14916 14931->14921 14933 11c4058 GetPEB 14931->14933 14932->14921 14933->14921 14936 11bdcfd 14934->14936 14948 11bdd6f __cftof 14934->14948 14935 11bdd47 14965 11bdbb1 14935->14965 14936->14935 14944 11bdfc2 14936->14944 14956 11be620 14936->14956 14938 1214ff2 14938->14938 14941 11bdfae 14941->14944 14978 11f95d0 LdrInitializeThunk 14941->14978 14945 11fb640 __cftof 11 API calls 14944->14945 14947 11bdfe4 14945->14947 14947->14894 14948->14938 14948->14941 14948->14944 14972 11be375 14948->14972 14977 11f95d0 LdrInitializeThunk 14948->14977 14952 11c1ba9 __cftof 14950->14952 14955 11c1c05 14950->14955 14951 121701a GetPEB 14953 11c1c21 14951->14953 14952->14953 14954 11c1bf4 GetPEB 14952->14954 14952->14955 14953->14899 14954->14955 14955->14951 14955->14953 14957 1215503 14956->14957 14958 11be644 14956->14958 14958->14957 14979 11bf358 14958->14979 14960 11be725 14962 11be73b 14960->14962 14963 11be729 GetPEB 14960->14963 14962->14935 14963->14962 14964 11be661 __cftof 14964->14960 14983 11f95d0 LdrInitializeThunk 14964->14983 14984 11c766d 14965->14984 14967 11bdbcf 14967->14948 14968 11bdbf1 14967->14968 14969 11bdc05 14968->14969 14970 11c766d GetPEB 14969->14970 14971 11bdc22 14970->14971 14971->14948 14976 11be3a3 14972->14976 14973 11fb640 __cftof 11 API calls 14975 11be400 14973->14975 14974 1215306 14975->14948 14976->14973 14976->14974 14977->14948 14978->14944 14980 11bf370 14979->14980 14981 11bf38c 14980->14981 14982 11bf379 GetPEB 14980->14982 14981->14964 14982->14981 14983->14960 14986 11c7687 14984->14986 14985 11c76d3 14985->14967 14986->14985 14987 11c76c2 GetPEB 14986->14987 14987->14985 14989 11d0074 14988->14989 14990 11d009d GetPEB 14989->14990 14991 11d00f8 14989->14991 14993 121c01b 14990->14993 14994 11d00d0 14990->14994 14992 11fb640 __cftof 11 API calls 14991->14992 14995 11d0105 14992->14995 14993->14994 14996 121c024 GetPEB 14993->14996 14997 11d00df 14994->14997 14998 121c037 14994->14998 14995->14848 14996->14994 15004 11e9702 14997->15004 15008 1288a62 14998->15008 15001 11d00ef 15001->14991 15003 11d0109 RtlDebugPrintTimes 15001->15003 15002 121c04b 15002->15002 15003->14991 15005 11e9720 15004->15005 15007 11e9784 15005->15007 15015 1288214 15005->15015 15007->15001 15009 11d7d50 GetPEB 15008->15009 15010 1288a9d 15009->15010 15011 1288aa1 GetPEB 15010->15011 15012 1288ab1 __cftof 15010->15012 15011->15012 15013 11fb640 __cftof 11 API calls 15012->15013 15014 1288ad7 15013->15014 15014->15002 15016 128823b 15015->15016 15017 12882c0 15016->15017 15019 11e3b7a GetPEB 15016->15019 15017->15007 15023 11e3bb5 __cftof 15019->15023 15020 1226298 15021 11e3c1b GetPEB 15022 11e3c35 15021->15022 15022->15017 15023->15020 15023->15021 15023->15023 15025 11c7620 15024->15025 15026 11c766d GetPEB 15025->15026 15027 11c7632 15026->15027 15027->14854 15961 11f35b1 15962 11f35ca 15961->15962 15964 11f35f2 15961->15964 15963 11c7608 GetPEB 15962->15963 15962->15964 15963->15964 15032 11f9670 15033 11f967a __cftof LdrInitializeThunk 15032->15033 15972 123b111 15973 123b131 15972->15973 15974 123b143 15972->15974 15976 12421b7 15973->15976 15979 11fe3a0 15976->15979 15982 11fe3bd 15979->15982 15981 11fe3b8 15981->15974 15983 11fe3cc 15982->15983 15984 11fe3e3 15982->15984 15985 11fb58e __cftof 11 API calls 15983->15985 15986 11fb58e __cftof 11 API calls 15984->15986 15987 11fe3d8 _vswprintf_s 15984->15987 15985->15987 15986->15987 15987->15981 16040 11b0b60 16041 11b0b72 16040->16041 16043 11b0baf 16040->16043 16041->16043 16044 11b0bd0 16041->16044 16045 11b0c66 16044->16045 16046 11b0c05 16044->16046 16047 120e940 16045->16047 16048 120e915 16045->16048 16051 11b0c8d __cftof 16045->16051 16046->16045 16046->16051 16052 1201700 11 API calls 16046->16052 16050 1201700 11 API calls 16047->16050 16047->16051 16048->16051 16053 1201700 16048->16053 16050->16051 16051->16043 16052->16046 16056 12014e9 16053->16056 16055 120171c 16055->16051 16058 12014fb 16056->16058 16057 11fb58e __cftof 11 API calls 16059 120150e __cftof 16057->16059 16058->16057 16058->16059 16059->16055 15988 127131b 15989 11d7d50 GetPEB 15988->15989 15990 127134d 15989->15990 15991 1271351 GetPEB 15990->15991 15992 1271361 __cftof 15990->15992 15991->15992 15993 11fb640 __cftof 11 API calls 15992->15993 15994 1271384 15993->15994 15995 11e35a1 15996 11e35a7 15995->15996 15997 11e35b8 GetPEB 15996->15997 15998 11e35b7 15996->15998 15999 11ceb70 33 API calls 15997->15999 15999->15998

                  Executed Functions

                  Function 011F9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 12 11f9910-11f991c LdrInitializeThunk
                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 30613501e137fb42f96d3af11dc0eba48cfc33b27cf5f8d5e2b5b20f464c605d
                  • Instruction ID: 3e36a38dd5c03beb41ba3e0c7188607ffedad3e35a76322b6e1dedfe4035fd69
                  • Opcode Fuzzy Hash: 30613501e137fb42f96d3af11dc0eba48cfc33b27cf5f8d5e2b5b20f464c605d
                  • Instruction Fuzzy Hash: A19002B121200802D24171E944047460005A7D0341F51C111A5054558FC6D98DD577A5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 13 11f99a0-11f99ac LdrInitializeThunk
                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: f33003bd2a1b14bbddf11a7a2defae5bf1feac0fec65a4f38e4f4838c3b6eed5
                  • Instruction ID: c7b565f258914ccd36aec45a9dfa4db48b6722b9620d0664109099b989105639
                  • Opcode Fuzzy Hash: f33003bd2a1b14bbddf11a7a2defae5bf1feac0fec65a4f38e4f4838c3b6eed5
                  • Instruction Fuzzy Hash: A99002A135200842D20161E94414B060005E7E1341F51C115E1054558EC699CC527266
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 4 11f95d0-11f95dc LdrInitializeThunk
                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: fa103e21a1548633340fad33e704fc1e25931b5185425691135497ad7dcc8bd0
                  • Instruction ID: 7dbff81ab4e49e81d2e03a227a2f26513246702eb389c5ae48cf99c4c544208e
                  • Opcode Fuzzy Hash: fa103e21a1548633340fad33e704fc1e25931b5185425691135497ad7dcc8bd0
                  • Instruction Fuzzy Hash: 199002A121300403420671E94414616400AA7E0241B51C121E1004594EC5A588917265
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 9 11f9840-11f984c LdrInitializeThunk
                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: eab53debc7b6cb6c61efa40faaa7566b136bd1053cb31a503e21174e8d9f5805
                  • Instruction ID: 374b5fe426e43de1f13ce6953d7da039849a0b801b1aab11678638c12c2a21e4
                  • Opcode Fuzzy Hash: eab53debc7b6cb6c61efa40faaa7566b136bd1053cb31a503e21174e8d9f5805
                  • Instruction Fuzzy Hash: 00900261253045525646B1E944045074006B7E0281791C112A1404954DC5A69856E761
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 10 11f9860-11f986c LdrInitializeThunk
                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 31387e1fcfc266f75158341ea4a81c6f3709accf374c5e1b702d6ecddffb90cd
                  • Instruction ID: c75ba83d2bfa5614a6e586ede72f40e3278ef563a64a62588e7aafb1232d67cb
                  • Opcode Fuzzy Hash: 31387e1fcfc266f75158341ea4a81c6f3709accf374c5e1b702d6ecddffb90cd
                  • Instruction Fuzzy Hash: 7990027121200813D21261E945047070009A7D0281F91C512A041455CED6D68952B261
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 11 11f98f0-11f98fc LdrInitializeThunk
                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 6ff5eef3b0643fe3717bf9d424ca4f84c2464e512348f949139bc88a63410a87
                  • Instruction ID: 47b68b85eea10ea57bf409ec0655602e0ab8c96cb0ab56327910272158a78e9a
                  • Opcode Fuzzy Hash: 6ff5eef3b0643fe3717bf9d424ca4f84c2464e512348f949139bc88a63410a87
                  • Instruction Fuzzy Hash: D090026161200902D20271E94404616000AA7D0281F91C122A1014559FCAA58992B271
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 7 11f9710-11f971c LdrInitializeThunk
                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 7912b7f33dc39d27d570a03d311c3e28d52d4b7511c4cc44b4b78d3d2a1e37a6
                  • Instruction ID: 9ca1dcf1480de3f26f1de01e3d57ceb343aad6d247d570beda2a5ed5defea311
                  • Opcode Fuzzy Hash: 7912b7f33dc39d27d570a03d311c3e28d52d4b7511c4cc44b4b78d3d2a1e37a6
                  • Instruction Fuzzy Hash: 0D90027121200802D20165E954086460005A7E0341F51D111A5014559FC6E588917271
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 8 11f9780-11f978c LdrInitializeThunk
                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: dc799f6eb1cb68beae5a2b523d4001bc68b25ea07bc80498553c6cf6553a6d7d
                  • Instruction ID: c82b068bbf52536eb326550633df526f6003702bff52ac262ce37e4a827c3635
                  • Opcode Fuzzy Hash: dc799f6eb1cb68beae5a2b523d4001bc68b25ea07bc80498553c6cf6553a6d7d
                  • Instruction Fuzzy Hash: 1290026922300402D28171E9540860A0005A7D1242F91D515A000555CDC99588696361
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 14 11f9a00-11f9a0c LdrInitializeThunk
                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 342275a2cd08eff1657feed3ebb1494fff51a752773ca72b9da0935e01be2dab
                  • Instruction ID: 2da29b95a0c92c2006117ddef0a69bf0513a97a24499ea5f12e6e81101e0c1a0
                  • Opcode Fuzzy Hash: 342275a2cd08eff1657feed3ebb1494fff51a752773ca72b9da0935e01be2dab
                  • Instruction Fuzzy Hash: 0B90027121240802D20161E9481470B0005A7D0342F51C111A1154559EC6A5885176B1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 15 11f9a50-11f9a5c LdrInitializeThunk
                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: e0c4cc96174ff9df64f272a816d9bfe21fd4dad276d2ba148c1fd846f5ffde10
                  • Instruction ID: bdc18501c9e37f8ca0da1e0adff7196f75e96d992d4b910f24d5f93dd06ae42b
                  • Opcode Fuzzy Hash: e0c4cc96174ff9df64f272a816d9bfe21fd4dad276d2ba148c1fd846f5ffde10
                  • Instruction Fuzzy Hash: FE90026122280442D30165F94C14B070005A7D0343F51C215A0144558DC99588616661
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 5 11f9660-11f966c LdrInitializeThunk
                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: c18a7be9b128e55f7c221fb929de17ddb3984c7b9b0ec6fc6936c812e0c45dd9
                  • Instruction ID: 6509aaae53daf29c159e9f0b9ba4833ba2095dacd6d8cf748883c068fce9e5ef
                  • Opcode Fuzzy Hash: c18a7be9b128e55f7c221fb929de17ddb3984c7b9b0ec6fc6936c812e0c45dd9
                  • Instruction Fuzzy Hash: 1C90027121200C02D28171E9440464A0005A7D1341F91C115A0015658ECA958A5977E1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 6 11f96e0-11f96ec LdrInitializeThunk
                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 32c38ba36c8f6fe9f2865a778b44faa9a8b51e8c9929201bc56e188a697ff877
                  • Instruction ID: 4af5af87ddd07d12d30caba2d73573e4dfd4bd860b0a3ccb4e95fffd432da567
                  • Opcode Fuzzy Hash: 32c38ba36c8f6fe9f2865a778b44faa9a8b51e8c9929201bc56e188a697ff877
                  • Instruction Fuzzy Hash: F890027121208C02D21161E9840474A0005A7D0341F55C511A441465CEC6D588917261
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 0 11f967a-11f967f 1 11f968f-11f9696 LdrInitializeThunk 0->1 2 11f9681-11f9688 0->2
                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: f41bfb187bfef27cc29d7af5ac7e4685e97214fea0a091e913bc756e96229912
                  • Instruction ID: 770a2c9fa82dfa6532b6f004ef00ef20b8c7f378561e744f0aa54d07ca1045a9
                  • Opcode Fuzzy Hash: f41bfb187bfef27cc29d7af5ac7e4685e97214fea0a091e913bc756e96229912
                  • Instruction Fuzzy Hash: 88B09BB19024C9C5D716E7F546087177A007BD0755F16C155E2020645B8778C091F6B5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0041F176 Relevance: .0, Instructions: 12COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 16 41f176-41f183 17 41f18b-41f18e 16->17
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516059638.000000000041F000.00000040.00000400.00020000.00000000.sdmp, Offset: 0041F000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_41f000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 892b179c851988b9ea6821be1945f2154ed8905bc8067e4ca7d033d6eed223f9
                  • Instruction ID: ff631a7cf9de583ebd25f7acbaafe188d8e841451f7a91283e1f3a31215276ae
                  • Opcode Fuzzy Hash: 892b179c851988b9ea6821be1945f2154ed8905bc8067e4ca7d033d6eed223f9
                  • Instruction Fuzzy Hash: 8AC09B7594010DD7451479F6A74A45B7759DE9D3197100297EC54065107B1624718ED3
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0041F180 Relevance: .0, Instructions: 7COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 18 41f180-41f183 19 41f18b-41f18e 18->19
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516059638.000000000041F000.00000040.00000400.00020000.00000000.sdmp, Offset: 0041F000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_41f000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 956d8dac13ee013b51975b2ca90d747b228df4afbed3609ffa007034cfc32671
                  • Instruction ID: bf268d91f619938eb03b39c7895fca664e884f2412e91478f794490b2a2455dc
                  • Opcode Fuzzy Hash: 956d8dac13ee013b51975b2ca90d747b228df4afbed3609ffa007034cfc32671
                  • Instruction Fuzzy Hash: 71A022A8C0830C03002030FA2A03023B38CC000008F0003EAAE8C022023C02AC3200EB
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Non-executed Functions

                  Function 0126B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                  Download Yara Rule
                  Strings
                  • a NULL pointer, xrefs: 0126B4E0
                  • *** An Access Violation occurred in %ws:%s, xrefs: 0126B48F
                  • *** enter .cxr %p for the context, xrefs: 0126B50D
                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0126B323
                  • an invalid address, %p, xrefs: 0126B4CF
                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0126B2DC
                  • *** enter .exr %p for the exception record, xrefs: 0126B4F1
                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0126B39B
                  • The resource is owned shared by %d threads, xrefs: 0126B37E
                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0126B3D6
                  • This failed because of error %Ix., xrefs: 0126B446
                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0126B47D
                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0126B476
                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0126B53F
                  • *** then kb to get the faulting stack, xrefs: 0126B51C
                  • <unknown>, xrefs: 0126B27E, 0126B2D1, 0126B350, 0126B399, 0126B417, 0126B48E
                  • The resource is owned exclusively by thread %p, xrefs: 0126B374
                  • *** Resource timeout (%p) in %ws:%s, xrefs: 0126B352
                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0126B484
                  • The instruction at %p tried to %s , xrefs: 0126B4B6
                  • *** Inpage error in %ws:%s, xrefs: 0126B418
                  • write to, xrefs: 0126B4A6
                  • The instruction at %p referenced memory at %p., xrefs: 0126B432
                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0126B38F
                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0126B2F3
                  • read from, xrefs: 0126B4AD, 0126B4B2
                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0126B314
                  • The critical section is owned by thread %p., xrefs: 0126B3B9
                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0126B305
                  • Go determine why that thread has not released the critical section., xrefs: 0126B3C5
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                  • API String ID: 0-108210295
                  • Opcode ID: 61f8708d8e72a1c06871ad2e397378741a0c07d34f947b4a49d226c26c1fa346
                  • Instruction ID: 7bafa749d75839ec12d1e26e376cc42e751ba41c81839e851ceba99e4319d27f
                  • Opcode Fuzzy Hash: 61f8708d8e72a1c06871ad2e397378741a0c07d34f947b4a49d226c26c1fa346
                  • Instruction Fuzzy Hash: 14811339B60211BFDB2D9B4A9C46E7B3F29EF56651F800058F604AF192D3A18492C6B2
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01271C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                  Download Yara Rule
                  C-Code - Quality: 44%
                  			E01271C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x11948a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E011BB150();
				} else {
					E011BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x12a589c);
				E011BB150("Heap error detected at %p (heap handle %p)\n",  *0x12a58a0);
				_t27 =  *0x12a5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M01271E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E011BB150();
				} else {
					E011BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E011BB150("Error code: %d - %s\n",  *0x12a5898);
				_t113 =  *0x12a58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E011BB150();
					} else {
						E011BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E011BB150("Parameter1: %p\n",  *0x12a58a4);
				}
				_t115 =  *0x12a58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E011BB150();
					} else {
						E011BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E011BB150("Parameter2: %p\n",  *0x12a58a8);
				}
				_t117 =  *0x12a58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E011BB150();
					} else {
						E011BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E011BB150("Parameter3: %p\n",  *0x12a58ac);
				}
				_t119 =  *0x12a58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E011BB150();
					} else {
						E011BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x12a58b4);
					E011BB150("Last known valid blocks: before - %p, after - %p\n",  *0x12a58b0);
				} else {
					_t120 =  *0x12a58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E011BB150();
				} else {
					E011BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E011BB150("Stack trace available at %p\n", 0x12a58c0);
			}











                  0x01271c10
                  0x01271c16
                  0x01271c1e
                  0x01271c3d
                  0x01271c3e
                  0x01271c20
                  0x01271c35
                  0x01271c3a
                  0x01271c44
                  0x01271c55
                  0x01271c5a
                  0x01271c65
                  0x01271c67
                  0x00000000
                  0x01271c6e
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x01271c67
                  0x01271cdc
                  0x01271ce5
                  0x01271d04
                  0x01271d05
                  0x01271ce7
                  0x01271cfc
                  0x01271d01
                  0x01271d0b
                  0x01271d17
                  0x01271d1f
                  0x01271d25
                  0x01271d30
                  0x01271d4f
                  0x01271d50
                  0x01271d32
                  0x01271d47
                  0x01271d4c
                  0x01271d61
                  0x01271d67
                  0x01271d68
                  0x01271d6e
                  0x01271d79
                  0x01271d98
                  0x01271d99
                  0x01271d7b
                  0x01271d90
                  0x01271d95
                  0x01271daa
                  0x01271db0
                  0x01271db1
                  0x01271db7
                  0x01271dc2
                  0x01271de1
                  0x01271de2
                  0x01271dc4
                  0x01271dd9
                  0x01271dde
                  0x01271df3
                  0x01271df9
                  0x01271dfa
                  0x01271e00
                  0x01271e0a
                  0x01271e13
                  0x01271e32
                  0x01271e33
                  0x01271e15
                  0x01271e2a
                  0x01271e2f
                  0x01271e39
                  0x01271e4a
                  0x01271e02
                  0x01271e02
                  0x01271e08
                  0x00000000
                  0x00000000
                  0x01271e08
                  0x01271e5b
                  0x01271e7a
                  0x01271e7b
                  0x01271e5d
                  0x01271e72
                  0x01271e77
                  0x01271e95

                  Strings
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                  • API String ID: 0-2897834094
                  • Opcode ID: 140ad40a95b3c2fd22cc2372ab541d217dd688dc6d79295cd7fd6ff4e89d671a
                  • Instruction ID: b0b3a52a9ca07b1315b89cf58a836431163745f527e5220ec2723804573332c2
                  • Opcode Fuzzy Hash: 140ad40a95b3c2fd22cc2372ab541d217dd688dc6d79295cd7fd6ff4e89d671a
                  • Instruction Fuzzy Hash: 3B61073A536142DFC719AB8AF58AE2277A8EF04930B4D802EF50D6B701D7749C908F5E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E8E00 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 126timeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 44%
                  			E011E8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x12ad360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x12a8464; // 0x76c90110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x12a5780 & 0x00000003) != 0) {
							E01235510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x12a5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E011FB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x12a7984; // 0xc82ba8
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x12a8464; // 0x76c90110
					 *0x12ab1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E011E9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x12a5780 & 0x00000005) != 0) {
						_push(_t49);
						E01235510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                  0x011e8e0f
                  0x011e8e16
                  0x011e8e19
                  0x011e8e1b
                  0x011e8e21
                  0x011e8e7f
                  0x011e8e85
                  0x01229354
                  0x0122936c
                  0x01229371
                  0x0122937b
                  0x01229381
                  0x01229381
                  0x0122937b
                  0x011e8e9d
                  0x011e8e9d
                  0x011e8e29
                  0x011e8e2c
                  0x011e8e38
                  0x011e8e3e
                  0x011e8e43
                  0x011e8eb5
                  0x011e8eb9
                  0x012292aa
                  0x012292af
                  0x012292e8
                  0x012292e8
                  0x012292af
                  0x011e8eb9
                  0x011e8e45
                  0x011e8e53
                  0x011e8e5b
                  0x011e8e5f
                  0x011e8e78
                  0x011e8e78
                  0x011e8e7d
                  0x011e8ec3
                  0x011e8ecd
                  0x011e8ed2
                  0x011e8ed2
                  0x011e8ec5
                  0x011e8ec5
                  0x00000000
                  0x011e8e7d
                  0x011e8e67
                  0x011e8ea4
                  0x0122931a
                  0x00000000
                  0x00000000
                  0x01229320
                  0x011e8ea4
                  0x011e8e70
                  0x01229325
                  0x01229340
                  0x01229345
                  0x01229345
                  0x011e8e76
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000

                  APIs
                  Strings
                  • minkernel\ntdll\ldrsnap.c, xrefs: 0122933B, 01229367
                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0122932A
                  • LdrpFindDllActivationContext, xrefs: 01229331, 0122935D
                  • Querying the active activation context failed with status 0x%08lx, xrefs: 01229357
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: DebugPrintTimes
                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                  • API String ID: 3446177414-3779518884
                  • Opcode ID: 6319d8deff24047740f04490de7d8ace5bf7e03f80c3e31ac101a25286aae209
                  • Instruction ID: 2aa87de8cca51c08c14807154a708750b63f4d9aafacf51cf6e3a2a9f626e794
                  • Opcode Fuzzy Hash: 6319d8deff24047740f04490de7d8ace5bf7e03f80c3e31ac101a25286aae209
                  • Instruction Fuzzy Hash: 27411832A00B35AFEF3DABDCD84DB7ABAE5BB00258F4A4169E90457151E7706DC08382
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011C3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                  Download Yara Rule
                  C-Code - Quality: 96%
                  			E011C3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E011C1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E011C1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E011C1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E011C1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E011C1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L011D4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E011FF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E01201370(_t276, 0x1194e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E011FBB40(0,  &_v68, _t170);
									if(L011C43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E011FBB40(_t257,  &_v68, _t243);
								if(L011C43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E01201370(_t278, 0x1194e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L011D4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E011FF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E01201370(_v16, 0x1194e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E011FBB40(_t262,  &_v68, _t244);
								if(L011C43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E01201370(_t282, 0x1194e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E011FBB40(_t262,  &_v68, _t201);
							if(L011C43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L011D4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E011FF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E01201370(_t280, 0x1194e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E011FBB40(_t267,  &_v68, _t245);
							if(L011C43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E01201370(_t284, 0x1194e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E011FBB40(_t267,  &_v68, _t224);
						if(L011C43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                  0x011c3d3c
                  0x011c3d42
                  0x011c3d44
                  0x011c3d46
                  0x011c3d49
                  0x011c3d4c
                  0x011c3d4f
                  0x011c3d52
                  0x011c3d55
                  0x011c3d58
                  0x011c3d5b
                  0x011c3d5f
                  0x011c3d61
                  0x011c3d66
                  0x01218213
                  0x01218218
                  0x011c4085
                  0x011c4088
                  0x011c408e
                  0x011c4094
                  0x011c409a
                  0x011c40a0
                  0x011c40a6
                  0x011c40a9
                  0x011c40af
                  0x011c40b6
                  0x011c40bd
                  0x011c40bd
                  0x011c3d83
                  0x0121821f
                  0x01218229
                  0x01218238
                  0x01218238
                  0x0121823d
                  0x0121823d
                  0x011c3da0
                  0x011c3daf
                  0x011c3db5
                  0x011c3dba
                  0x011c3dba
                  0x011c3dd4
                  0x011c3e94
                  0x011c3eab
                  0x011c3f6d
                  0x011c3f84
                  0x011c406b
                  0x011c406b
                  0x011c406e
                  0x011c406e
                  0x011c4070
                  0x011c4074
                  0x01218351
                  0x01218351
                  0x011c407a
                  0x011c407f
                  0x0121835d
                  0x01218370
                  0x01218377
                  0x01218379
                  0x0121837c
                  0x0121837c
                  0x0121835d
                  0x00000000
                  0x011c407f
                  0x011c3f8a
                  0x011c3f8d
                  0x011c3f90
                  0x011c3f95
                  0x0121830d
                  0x0121830f
                  0x011c3f9b
                  0x011c3fac
                  0x011c3fae
                  0x011c3fb1
                  0x011c3fb1
                  0x011c3fb6
                  0x01218317
                  0x0121831a
                  0x00000000
                  0x011c3fbc
                  0x011c3fc1
                  0x011c3fc9
                  0x011c3fd7
                  0x011c3fda
                  0x011c3fdd
                  0x011c4021
                  0x011c4021
                  0x011c4029
                  0x011c4030
                  0x011c4044
                  0x011c4046
                  0x011c4046
                  0x011c4044
                  0x011c4049
                  0x01218327
                  0x01218334
                  0x01218339
                  0x0121833c
                  0x011c404f
                  0x011c404f
                  0x011c404f
                  0x011c4051
                  0x011c4056
                  0x011c4063
                  0x011c4063
                  0x011c4068
                  0x00000000
                  0x011c4068
                  0x011c3fdf
                  0x011c3fe2
                  0x011c3fe4
                  0x011c3fe7
                  0x011c3fef
                  0x011c4003
                  0x011c4005
                  0x011c4005
                  0x011c400c
                  0x011c4013
                  0x011c4016
                  0x011c4017
                  0x011c401b
                  0x011c401e
                  0x00000000
                  0x011c401e
                  0x011c3fb6
                  0x011c3eb1
                  0x011c3eb4
                  0x011c3eb7
                  0x011c3ebc
                  0x012182a9
                  0x012182ab
                  0x011c3ec2
                  0x011c3ed3
                  0x011c3ed5
                  0x011c3ed8
                  0x011c3ed8
                  0x011c3edd
                  0x012182b3
                  0x012182b6
                  0x00000000
                  0x011c3ee3
                  0x011c3ee8
                  0x011c3eed
                  0x011c3ef0
                  0x011c3ef3
                  0x011c3f02
                  0x011c3f05
                  0x011c3f08
                  0x012182c0
                  0x012182c3
                  0x012182c5
                  0x012182c8
                  0x012182d0
                  0x012182e4
                  0x012182e6
                  0x012182e6
                  0x012182ed
                  0x012182f4
                  0x012182f7
                  0x012182f8
                  0x012182fc
                  0x012182ff
                  0x012182ff
                  0x011c3f0e
                  0x011c3f11
                  0x011c3f16
                  0x011c3f1d
                  0x011c3f31
                  0x01218307
                  0x01218307
                  0x011c3f31
                  0x011c3f39
                  0x011c3f48
                  0x011c3f4d
                  0x011c3f50
                  0x011c3f50
                  0x011c3f53
                  0x011c3f58
                  0x011c3f65
                  0x011c3f65
                  0x011c3f6a
                  0x00000000
                  0x011c3f6a
                  0x011c3edd
                  0x011c3dda
                  0x011c3ddd
                  0x011c3de0
                  0x011c3de5
                  0x01218245
                  0x011c3deb
                  0x011c3df7
                  0x011c3dfc
                  0x011c3dfe
                  0x011c3e01
                  0x011c3e01
                  0x011c3e06
                  0x0121824d
                  0x0121824f
                  0x01218254
                  0x00000000
                  0x011c3e0c
                  0x011c3e11
                  0x011c3e16
                  0x011c3e19
                  0x011c3e29
                  0x011c3e2c
                  0x011c3e2f
                  0x0121825c
                  0x0121825f
                  0x01218261
                  0x01218264
                  0x0121826c
                  0x01218280
                  0x01218282
                  0x01218282
                  0x01218289
                  0x01218290
                  0x01218293
                  0x01218294
                  0x01218298
                  0x0121829b
                  0x0121829b
                  0x011c3e35
                  0x011c3e38
                  0x011c3e3d
                  0x011c3e44
                  0x011c3e58
                  0x012182a3
                  0x012182a3
                  0x011c3e58
                  0x011c3e60
                  0x011c3e6f
                  0x011c3e74
                  0x011c3e77
                  0x011c3e77
                  0x011c3e7a
                  0x011c3e7f
                  0x011c3e8c
                  0x011c3e8c
                  0x011c3e91
                  0x00000000
                  0x011c3e91

                  Strings
                  • Kernel-MUI-Language-SKU, xrefs: 011C3F70
                  • Kernel-MUI-Language-Allowed, xrefs: 011C3DC0
                  • WindowsExcludedProcs, xrefs: 011C3D6F
                  • Kernel-MUI-Number-Allowed, xrefs: 011C3D8C
                  • Kernel-MUI-Language-Disallowed, xrefs: 011C3E97
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                  • API String ID: 0-258546922
                  • Opcode ID: a96155a141ca97557d853e02e07b9857ea4ae83be3d14b965453ed9b8585e995
                  • Instruction ID: 4812dae8c38ecd7d9f0d327d7f51b1edd12d4276adaa26f45cf197cca78ca8a0
                  • Opcode Fuzzy Hash: a96155a141ca97557d853e02e07b9857ea4ae83be3d14b965453ed9b8585e995
                  • Instruction Fuzzy Hash: A6F19172D1461AEFCB1ADF98C980AEEBBF8FF18A40F15405AE905E7650D7349E01CB90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011C8794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                  Download Yara Rule
                  C-Code - Quality: 83%
                  			E011C8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E011C934A() != 0) {
								_t159 = E0123A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x12a5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E01235510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x12a5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E011C849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E011C8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E011C8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x12a5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x12a5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E011D2280(_t92, 0x12a86cc);
															_t94 = E01289DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E011E61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x12a5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E011C8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x12a5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x12a5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E011FF380(_t136, 0x1191184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E011D2280(_t108, 0x12a86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E011E61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E01289D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E011CFFB0(_t118, _t156, 0x12a86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E011F9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                  0x011c8799
                  0x011c879d
                  0x011c87a1
                  0x011c87a3
                  0x011c87a8
                  0x011c87c3
                  0x011c87c3
                  0x011c87c8
                  0x011c87d1
                  0x011c87d4
                  0x011c87d8
                  0x011c87e5
                  0x011c87ec
                  0x01219bfe
                  0x01219c00
                  0x01219c02
                  0x01219c08
                  0x01219c0d
                  0x01219c0f
                  0x01219c14
                  0x01219c2d
                  0x01219c32
                  0x01219c37
                  0x01219c3a
                  0x01219c3c
                  0x01219c42
                  0x01219c42
                  0x01219c3c
                  0x01219c02
                  0x011c87da
                  0x011c87df
                  0x011c87e3
                  0x00000000
                  0x00000000
                  0x011c87e3
                  0x011c87f2
                  0x00000000
                  0x011c87fb
                  0x011c87fd
                  0x011c87fe
                  0x011c880e
                  0x011c880f
                  0x011c8810
                  0x011c8814
                  0x011c881a
                  0x011c881c
                  0x011c881f
                  0x011c8821
                  0x011c8822
                  0x011c8824
                  0x011c8826
                  0x011c882c
                  0x011c882e
                  0x01219c48
                  0x01219c48
                  0x011c8834
                  0x011c8834
                  0x011c8837
                  0x00000000
                  0x00000000
                  0x011c8837
                  0x011c882e
                  0x011c883d
                  0x011c8840
                  0x011c8843
                  0x011c8846
                  0x011c8849
                  0x011c884c
                  0x011c884e
                  0x011c8850
                  0x011c8852
                  0x011c8854
                  0x011c8857
                  0x011c88b4
                  0x011c88b6
                  0x011c88b6
                  0x011c8859
                  0x011c8859
                  0x011c8859
                  0x011c8861
                  0x011c8866
                  0x011c886a
                  0x011c893d
                  0x011c8941
                  0x00000000
                  0x011c8947
                  0x011c8947
                  0x011c894a
                  0x011c894c
                  0x00000000
                  0x011c8952
                  0x011c8955
                  0x011c895a
                  0x011c895d
                  0x011c895d
                  0x011c895f
                  0x011c8961
                  0x011c8961
                  0x011c8968
                  0x00000000
                  0x00000000
                  0x011c896a
                  0x011c896b
                  0x011c896e
                  0x00000000
                  0x011c8970
                  0x011c8970
                  0x011c8970
                  0x011c8970
                  0x011c8972
                  0x011c8972
                  0x011c8974
                  0x00000000
                  0x011c897a
                  0x011c897a
                  0x011c897d
                  0x00000000
                  0x011c8983
                  0x01219c65
                  0x01219c6d
                  0x01219c72
                  0x01219c75
                  0x01219c75
                  0x01219c82
                  0x01219c86
                  0x01219c87
                  0x01219c88
                  0x01219c89
                  0x01219c8c
                  0x01219c90
                  0x01219c95
                  0x01219c97
                  0x01219ca0
                  0x01219ca3
                  0x01219ca9
                  0x01219ca9
                  0x00000000
                  0x01219ca9
                  0x01219ca3
                  0x00000000
                  0x01219c97
                  0x011c897d
                  0x00000000
                  0x011c8974
                  0x011c8988
                  0x011c8992
                  0x011c8996
                  0x00000000
                  0x011c8996
                  0x011c894c
                  0x00000000
                  0x011c8870
                  0x011c887b
                  0x011c887d
                  0x011c887f
                  0x011c8881
                  0x011c8884
                  0x011c8884
                  0x011c8886
                  0x011c8889
                  0x011c888c
                  0x011c888e
                  0x011c8891
                  0x011c8891
                  0x011c8898
                  0x00000000
                  0x00000000
                  0x011c889a
                  0x011c889b
                  0x011c889e
                  0x00000000
                  0x00000000
                  0x011c88a0
                  0x011c88a8
                  0x011c88b0
                  0x011c88b2
                  0x011c88d3
                  0x011c88d5
                  0x00000000
                  0x011c88d7
                  0x011c88db
                  0x011c88dc
                  0x011c88e0
                  0x011c88e8
                  0x011c88ee
                  0x011c88f0
                  0x011c88f3
                  0x011c88fc
                  0x011c8901
                  0x011c8906
                  0x011c890c
                  0x011c890c
                  0x011c890f
                  0x011c8916
                  0x011c8917
                  0x011c8918
                  0x011c8919
                  0x011c891a
                  0x011c891f
                  0x011c8921
                  0x01219c52
                  0x01219c55
                  0x01219c5b
                  0x01219cac
                  0x01219cc0
                  0x01219cc0
                  0x01219c55
                  0x011c8927
                  0x011c8927
                  0x011c892f
                  0x011c8933
                  0x00000000
                  0x011c88f5
                  0x011c88f5
                  0x00000000
                  0x011c88f7
                  0x011c88f7
                  0x011c88fa
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011c88fa
                  0x011c88f5
                  0x011c88f3
                  0x00000000
                  0x011c88d5
                  0x00000000
                  0x011c88b2
                  0x011c88c9
                  0x00000000
                  0x011c88c9
                  0x011c887f
                  0x011c886a
                  0x011c8857
                  0x011c8852
                  0x011c88bf
                  0x011c88bf
                  0x011c87aa
                  0x011c87ad
                  0x011c87ae
                  0x011c87b4
                  0x011c87b5
                  0x011c87b6
                  0x011c87b8
                  0x011c87bd
                  0x011c87c1
                  0x011c87f4
                  0x011c87fa
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011c87c1
                  0x00000000

                  Strings
                  • LdrpDoPostSnapWork, xrefs: 01219C1E
                  • minkernel\ntdll\ldrsnap.c, xrefs: 01219C28
                  • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01219C18
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                  • API String ID: 2994545307-1948996284
                  • Opcode ID: cbca00073d1aaa61cbfb7c9dc53f469a113e711134460f2360e80e2f3208c133
                  • Instruction ID: c307be72413eaa87f801020aa716208a6d202db5d68c9313af28ddb959ec78a4
                  • Opcode Fuzzy Hash: cbca00073d1aaa61cbfb7c9dc53f469a113e711134460f2360e80e2f3208c133
                  • Instruction Fuzzy Hash: 1D910271A10206AFEF1CDF59D8C0ABBB7B5FFA4B14B45406DEA05AB640E730E941CB91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011C7E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E011C7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E011CCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E011BC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x12a5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E01235510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x12a5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E011D7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E011D7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E01237016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E011D7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E011D7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E01237016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E011EA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E011BB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                  0x011c7e4c
                  0x011c7e50
                  0x011c7e55
                  0x011c7e58
                  0x011c7e5d
                  0x011c7e71
                  0x011c7f33
                  0x011c7e77
                  0x011c7e77
                  0x011c7e79
                  0x011c7e79
                  0x011c7e7e
                  0x011c7f45
                  0x01219848
                  0x00000000
                  0x01219848
                  0x011c7f4e
                  0x011c7f53
                  0x011c7f5a
                  0x00000000
                  0x00000000
                  0x0121985a
                  0x01219862
                  0x01219866
                  0x00000000
                  0x0121986c
                  0x00000000
                  0x0121986c
                  0x011c7e84
                  0x011c7e84
                  0x011c7e8d
                  0x01219871
                  0x011c7eb8
                  0x011c7ec0
                  0x011c7ec0
                  0x011c7e9a
                  0x0121987e
                  0x00000000
                  0x00000000
                  0x01219884
                  0x0121988b
                  0x012198a7
                  0x012198ac
                  0x012198b1
                  0x012198b6
                  0x012198b8
                  0x012198b8
                  0x012198b9
                  0x00000000
                  0x012198b9
                  0x011c7ea0
                  0x011c7ea7
                  0x00000000
                  0x00000000
                  0x011c7eac
                  0x011c7eb1
                  0x011c7ec6
                  0x011c7ed0
                  0x012198cc
                  0x011c7ed6
                  0x011c7ed6
                  0x011c7ed6
                  0x011c7ede
                  0x011c7ee3
                  0x012198e3
                  0x012198f0
                  0x01219902
                  0x012198f2
                  0x012198fb
                  0x012198fb
                  0x01219907
                  0x0121991d
                  0x0121991d
                  0x01219907
                  0x012198e3
                  0x011c7ef0
                  0x011c7f14
                  0x011c7f14
                  0x011c7f1e
                  0x01219946
                  0x011c7f24
                  0x011c7f24
                  0x011c7f24
                  0x011c7f2c
                  0x0121996a
                  0x01219975
                  0x01219975
                  0x0121997e
                  0x01219993
                  0x01219993
                  0x0121997e
                  0x00000000
                  0x011c7ef2
                  0x011c7efc
                  0x011c7f0a
                  0x011c7f0e
                  0x01219933
                  0x00000000
                  0x01219933
                  0x00000000
                  0x011c7f0e
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011c7eb1

                  Strings
                  • minkernel\ntdll\ldrmap.c, xrefs: 012198A2
                  • Could not validate the crypto signature for DLL %wZ, xrefs: 01219891
                  • LdrpCompleteMapModule, xrefs: 01219898
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                  • API String ID: 0-1676968949
                  • Opcode ID: 7beeb0b9efd41d49cbb6359eb92e5265e9774fbe8bdebebb41a24fc54b956068
                  • Instruction ID: 9c5754f57983f495fe209bdb3951701c3ed88be00bb1fc4832b5e38d565bdbda
                  • Opcode Fuzzy Hash: 7beeb0b9efd41d49cbb6359eb92e5265e9774fbe8bdebebb41a24fc54b956068
                  • Instruction Fuzzy Hash: 09511332600742DBEB29CB6DC894B3A7BE4AF21B18F050599EA519B7D1D7B0ED40CF51
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011BE620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                  Download Yara Rule
                  C-Code - Quality: 93%
                  			E011BE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E011BF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E011F95D0();
						}
						if(_t78 != 0) {
							L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E011FFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E011FBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E011F9600();
					if(_t97 < 0) {
						goto L6;
					}
					E011FBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L011BF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E011FBB40(_t83, _t102 + 0x24, _t78);
								if(L011C43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E011FBB40(_t84, _t102 + 0x24, _t94);
									if(L011C43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                  0x011be620
                  0x011be628
                  0x011be62f
                  0x011be631
                  0x011be635
                  0x011be637
                  0x011be63e
                  0x01215503
                  0x01215503
                  0x011be64c
                  0x011be64c
                  0x011be651
                  0x00000000
                  0x00000000
                  0x011be661
                  0x011be665
                  0x0121542a
                  0x011be715
                  0x011be71a
                  0x011be71c
                  0x011be720
                  0x011be720
                  0x011be727
                  0x011be736
                  0x011be736
                  0x011be743
                  0x011be743
                  0x011be673
                  0x011be678
                  0x011be67d
                  0x011be682
                  0x011be685
                  0x011be692
                  0x011be69b
                  0x011be6a3
                  0x011be6ad
                  0x011be6b1
                  0x011be6b2
                  0x011be6bb
                  0x011be6bf
                  0x011be6c0
                  0x011be6c8
                  0x011be6cc
                  0x011be6d5
                  0x011be6d9
                  0x00000000
                  0x00000000
                  0x011be6e5
                  0x011be6ea
                  0x011be6f9
                  0x011be70b
                  0x011be70f
                  0x01215439
                  0x0121545e
                  0x0121545e
                  0x00000000
                  0x0121545e
                  0x0121543b
                  0x0121543e
                  0x01215440
                  0x01215445
                  0x01215472
                  0x01215475
                  0x0121548d
                  0x01215493
                  0x012154a9
                  0x00000000
                  0x00000000
                  0x012154ab
                  0x012154b4
                  0x012154bc
                  0x012154c8
                  0x012154de
                  0x012154fb
                  0x012154e0
                  0x012154e6
                  0x012154eb
                  0x012154eb
                  0x012154de
                  0x00000000
                  0x012154bc
                  0x01215477
                  0x0121547a
                  0x01215480
                  0x01215483
                  0x01215486
                  0x0121548b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0121548b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x01215447
                  0x01215447
                  0x01215447
                  0x01215447
                  0x0121544e
                  0x00000000
                  0x00000000
                  0x01215450
                  0x01215452
                  0x01215455
                  0x0121545a
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0121545c
                  0x0121546a
                  0x0121546d
                  0x0121546f
                  0x00000000
                  0x0121546f
                  0x011be70f

                  Strings
                  • InstallLanguageFallback, xrefs: 011BE6DB
                  • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 011BE68C
                  • @, xrefs: 011BE6C0
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                  • API String ID: 0-1757540487
                  • Opcode ID: ef14d83f39922fb6a311a6bd2da0a1217095d79f74fe7726f6e1bff961cc5b15
                  • Instruction ID: 7d71634f606f009e29620eb43bfdbba5bb99abf28ac24813d66454e5917b7143
                  • Opcode Fuzzy Hash: ef14d83f39922fb6a311a6bd2da0a1217095d79f74fe7726f6e1bff961cc5b15
                  • Instruction Fuzzy Hash: 2D51D2725193469BD718DF68C480BABB3E8FF99618F05096EFA85D7240F734D904C7A2
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0124FF10 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44timeCOMMON
                  Download Yara Rule
                  APIs
                  Strings
                  • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0124FF60
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: DebugPrintTimes
                  • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                  • API String ID: 3446177414-1911121157
                  • Opcode ID: 4d358e551992d4a75fda33272755440787dca0476fab76feaa8279369a3f7543
                  • Instruction ID: cfe0dfb9efb00e2e2f80a6ac9e734f7e90dc4a382107669885be2e33861abe00
                  • Opcode Fuzzy Hash: 4d358e551992d4a75fda33272755440787dca0476fab76feaa8279369a3f7543
                  • Instruction Fuzzy Hash: 5F110475930549EFDF2ADB98C948FA8BBB1FF48704F558054F2086B1A1C7399940CB90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 012351BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                  Download Yara Rule
                  C-Code - Quality: 77%
                  			E012351BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x12905f0);
				E0120D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E011CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E012353CA(0);
						return E0120D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E011FF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E011D3690(1, _t117, 0x1191810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E011FAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L011D4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E011FAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0123500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E011F9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                  0x012351be
                  0x012351c3
                  0x012351c8
                  0x012351cd
                  0x012351d0
                  0x012351d3
                  0x012351d8
                  0x012351db
                  0x012351de
                  0x012351e0
                  0x012351e3
                  0x012351e6
                  0x012351e8
                  0x01235342
                  0x01235351
                  0x01235356
                  0x0123535a
                  0x01235360
                  0x01235363
                  0x01235366
                  0x01235369
                  0x01235369
                  0x0123536b
                  0x0123536b
                  0x01235370
                  0x012353a3
                  0x012353a4
                  0x012353a6
                  0x012353ab
                  0x012353ab
                  0x012353ae
                  0x012353ae
                  0x012353b5
                  0x012353bf
                  0x012353bf
                  0x01235375
                  0x01235396
                  0x012353a0
                  0x012353a0
                  0x00000000
                  0x01235396
                  0x01235377
                  0x01235379
                  0x0123537f
                  0x0123538c
                  0x01235390
                  0x00000000
                  0x01235390
                  0x012351ee
                  0x012351f1
                  0x01235301
                  0x01235310
                  0x01235315
                  0x01235318
                  0x0123531b
                  0x01235320
                  0x0123532e
                  0x01235331
                  0x00000000
                  0x01235331
                  0x01235328
                  0x01235329
                  0x00000000
                  0x01235329
                  0x012351fa
                  0x01235235
                  0x01235236
                  0x01235239
                  0x0123523f
                  0x01235240
                  0x01235241
                  0x01235242
                  0x01235246
                  0x01235247
                  0x0123524e
                  0x01235251
                  0x01235267
                  0x01235269
                  0x0123526e
                  0x0123527d
                  0x0123527e
                  0x01235281
                  0x01235282
                  0x01235287
                  0x01235288
                  0x0123528a
                  0x0123528f
                  0x01235294
                  0x00000000
                  0x00000000
                  0x0123529a
                  0x0123529c
                  0x0123529e
                  0x0123529e
                  0x012352a4
                  0x012352b0
                  0x00000000
                  0x00000000
                  0x012352ba
                  0x012352bc
                  0x012352bc
                  0x012352d4
                  0x012352d9
                  0x012352dc
                  0x012352e1
                  0x00000000
                  0x00000000
                  0x012352e7
                  0x012352f4
                  0x00000000
                  0x012352f4
                  0x01235270
                  0x00000000
                  0x01235270
                  0x012351fc
                  0x012351fd
                  0x01235202
                  0x01235203
                  0x01235205
                  0x0123520a
                  0x0123520f
                  0x00000000
                  0x00000000
                  0x0123521b
                  0x01235226
                  0x0123522b
                  0x0123521d
                  0x0123521d
                  0x01235222
                  0x01235222
                  0x0123522d
                  0x00000000

                  Strings
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID: Legacy$UEFI
                  • API String ID: 2994545307-634100481
                  • Opcode ID: ad8c1689b8e444be9a5bc198ba6a4f7ec801a6c7a8895b4612075715da35b66f
                  • Instruction ID: 10bd81aca4e1c0a0aefbc68b7517e8a42f065ad05d3654fab3c4e23b5b534a08
                  • Opcode Fuzzy Hash: ad8c1689b8e444be9a5bc198ba6a4f7ec801a6c7a8895b4612075715da35b66f
                  • Instruction Fuzzy Hash: 5A515DB1E206099FDB25DFA8C980BADBBF8FF98704F14402DE659EB251D7719940CB50
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011CD5E0 Relevance: 1.9, APIs: 1, Instructions: 353timeCOMMONCrypto
                  Download Yara Rule
                  C-Code - Quality: 87%
                  			E011CD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x12ad360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E011C6600(0x12a52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x12a7b9c; // 0x0
							_t281 = L011D4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E011FF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x12a7b90; // 0x77380000
								if(_t384 == 0) {
									_t353 =  *0x12a7b8c; // 0xc82ac0
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E011D2280(_t200, 0x12a84d8);
									_t277 =  *0x12a85f4; // 0xc82fb0
									_t351 =  *0x12a85f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0xc82f48
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E011CFFB0(_t287, _t353, 0x12a84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0120CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E011C6600(0x12a52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E011C7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x12ab239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0123E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x12a8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x12ab218; // 0x0
														asm("ror edi, cl");
														 *0x12ab1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E011D2280(_t250, 0x12a84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L011F3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E011CFFB0(_t293, _t353, 0x12a84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E011F37F5(_t353, 0);
																}
																E011F0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E011E9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E011E02D6(_t174);
																}
																L011D77F0( *0x12a7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E011EC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L011CEC7F(_t353);
										L011E19B8(_t287, 0, _t353, 0);
										_t200 = E011BF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E011FB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x12ab2f8; // 0x0
									if((_t206 |  *0x12ab2fc) == 0 || ( *0x12ab2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x12ab2ec; // 0x0
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E01266B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E01266AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E011CE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L011CEAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E011F9730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E011CE9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L011C8F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E011F3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                  0x011cd5f2
                  0x011cd5f5
                  0x011cd5f5
                  0x011cd5fd
                  0x011cd600
                  0x011cd60a
                  0x011cd60d
                  0x011cd617
                  0x011cd61d
                  0x011cd627
                  0x011cd62e
                  0x011cd911
                  0x011cd913
                  0x00000000
                  0x011cd919
                  0x011cd919
                  0x011cd919
                  0x011cd634
                  0x011cd634
                  0x011cd634
                  0x011cd634
                  0x011cd640
                  0x011cd8bf
                  0x00000000
                  0x011cd646
                  0x011cd646
                  0x011cd64d
                  0x011cd652
                  0x0121b2fc
                  0x0121b2fc
                  0x0121b302
                  0x0121b33b
                  0x0121b341
                  0x00000000
                  0x0121b304
                  0x0121b304
                  0x0121b319
                  0x0121b31e
                  0x0121b324
                  0x0121b326
                  0x0121b332
                  0x0121b347
                  0x0121b34c
                  0x0121b351
                  0x0121b35a
                  0x00000000
                  0x0121b328
                  0x0121b328
                  0x00000000
                  0x0121b328
                  0x0121b326
                  0x011cd658
                  0x011cd658
                  0x011cd65b
                  0x011cd665
                  0x00000000
                  0x011cd66b
                  0x011cd66b
                  0x011cd66b
                  0x011cd66b
                  0x011cd66d
                  0x011cd672
                  0x011cd67a
                  0x00000000
                  0x00000000
                  0x011cd680
                  0x011cd686
                  0x011cd8ce
                  0x011cd8d4
                  0x011cd8dd
                  0x011cd8e0
                  0x011cd68c
                  0x011cd691
                  0x011cd69d
                  0x011cd6a2
                  0x011cd6a7
                  0x011cd6b0
                  0x011cd6b5
                  0x011cd6e0
                  0x011cd6b7
                  0x011cd6b7
                  0x011cd6b9
                  0x011cd6b9
                  0x011cd6bb
                  0x011cd6bd
                  0x011cd6ce
                  0x011cd6d0
                  0x011cd6d2
                  0x0121b363
                  0x0121b365
                  0x00000000
                  0x0121b36b
                  0x00000000
                  0x0121b36b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011cd6bf
                  0x011cd6bf
                  0x011cd6e5
                  0x011cd6e7
                  0x011cd6e9
                  0x011cd6ec
                  0x011cd6ec
                  0x011cd6ef
                  0x011cd6f5
                  0x011cd6f9
                  0x011cd6fb
                  0x011cd6fd
                  0x011cd701
                  0x011cd703
                  0x011cd70a
                  0x011cd70a
                  0x011cd701
                  0x011cd710
                  0x011cd710
                  0x011cd6c1
                  0x011cd6c1
                  0x011cd6c6
                  0x0121b36d
                  0x0121b36f
                  0x00000000
                  0x0121b375
                  0x0121b375
                  0x0121b375
                  0x00000000
                  0x0121b375
                  0x00000000
                  0x011cd6cc
                  0x011cd6d8
                  0x011cd6d8
                  0x011cd6d8
                  0x00000000
                  0x011cd6c6
                  0x011cd6bf
                  0x00000000
                  0x011cd6da
                  0x011cd6da
                  0x011cd716
                  0x011cd71b
                  0x011cd720
                  0x011cd726
                  0x011cd726
                  0x011cd72d
                  0x00000000
                  0x011cd733
                  0x011cd739
                  0x011cd742
                  0x011cd750
                  0x011cd758
                  0x011cd764
                  0x011cd776
                  0x011cd77a
                  0x011cd783
                  0x011cd928
                  0x011cd92c
                  0x011cd93d
                  0x011cd944
                  0x011cd94f
                  0x011cd954
                  0x011cd956
                  0x011cd95f
                  0x011cd961
                  0x011cd973
                  0x011cd973
                  0x011cd956
                  0x011cd944
                  0x011cd92c
                  0x011cd78b
                  0x0121b394
                  0x011cd791
                  0x011cd798
                  0x0121b3a3
                  0x0121b3bb
                  0x0121b3bb
                  0x011cd7a5
                  0x011cd866
                  0x011cd870
                  0x011cd884
                  0x011cd892
                  0x011cd898
                  0x011cd89e
                  0x011cd8a0
                  0x011cd8a6
                  0x011cd8ac
                  0x011cd8ae
                  0x011cd8b4
                  0x011cd8b4
                  0x011cd8ae
                  0x011cd7a5
                  0x011cd78b
                  0x011cd7b1
                  0x0121b3c5
                  0x0121b3c5
                  0x011cd7c3
                  0x011cd7ca
                  0x011cd7e5
                  0x011cd7eb
                  0x011cd8eb
                  0x011cd8ed
                  0x00000000
                  0x011cd8f3
                  0x011cd8f3
                  0x011cd8f3
                  0x00000000
                  0x011cd8ed
                  0x011cd7cc
                  0x011cd7cc
                  0x011cd7d2
                  0x00000000
                  0x011cd7d4
                  0x011cd7d4
                  0x011cd7d7
                  0x011cd7df
                  0x0121b3d4
                  0x0121b3d9
                  0x0121b3dc
                  0x0121b3dc
                  0x0121b3df
                  0x0121b3e2
                  0x0121b468
                  0x0121b46d
                  0x0121b46f
                  0x0121b46f
                  0x0121b475
                  0x011cd8f8
                  0x011cd8f9
                  0x011cd8fd
                  0x0121b3e8
                  0x0121b3e8
                  0x0121b3eb
                  0x0121b3ed
                  0x00000000
                  0x0121b3ef
                  0x0121b3ef
                  0x0121b3f1
                  0x0121b3f4
                  0x0121b3fe
                  0x0121b404
                  0x0121b409
                  0x0121b40e
                  0x0121b410
                  0x0121b410
                  0x0121b414
                  0x0121b414
                  0x0121b41b
                  0x0121b420
                  0x0121b423
                  0x0121b425
                  0x0121b427
                  0x0121b42a
                  0x0121b42d
                  0x0121b42d
                  0x0121b42a
                  0x0121b432
                  0x0121b436
                  0x0121b438
                  0x0121b43b
                  0x0121b43b
                  0x0121b449
                  0x0121b44e
                  0x0121b454
                  0x0121b458
                  0x0121b458
                  0x0121b45d
                  0x00000000
                  0x0121b45d
                  0x0121b3ed
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011cd7df
                  0x011cd7d2
                  0x011cd7ca
                  0x0121b37c
                  0x0121b37e
                  0x0121b385
                  0x0121b38a
                  0x00000000
                  0x0121b38a
                  0x011cd742
                  0x011cd7f1
                  0x011cd7f8
                  0x0121b49b
                  0x0121b49b
                  0x011cd800
                  0x011cd837
                  0x011cd843
                  0x011cd845
                  0x011cd847
                  0x011cd84a
                  0x011cd84b
                  0x011cd84e
                  0x011cd857
                  0x011cd802
                  0x011cd802
                  0x011cd80d
                  0x00000000
                  0x011cd818
                  0x011cd818
                  0x011cd824
                  0x011cd831
                  0x0121b4a5
                  0x0121b4ab
                  0x0121b4b3
                  0x0121b4b8
                  0x0121b4bb
                  0x00000000
                  0x0121b4c1
                  0x0121b4c1
                  0x0121b4c8
                  0x00000000
                  0x0121b4ce
                  0x0121b4d4
                  0x0121b4e1
                  0x0121b4e3
                  0x0121b4e5
                  0x00000000
                  0x0121b4eb
                  0x0121b4f0
                  0x0121b4f2
                  0x011cdac9
                  0x011cdacc
                  0x011cdacf
                  0x011cdad1
                  0x011cdd78
                  0x011cdd78
                  0x011cdcf2
                  0x00000000
                  0x011cdad7
                  0x011cdad9
                  0x011cdadb
                  0x00000000
                  0x00000000
                  0x011cdae1
                  0x011cdae1
                  0x011cdae4
                  0x011cdae6
                  0x0121b4f9
                  0x0121b4f9
                  0x0121b500
                  0x011cdaec
                  0x011cdaec
                  0x011cdaf5
                  0x011cdaf8
                  0x011cdafb
                  0x011cdb03
                  0x011cdb11
                  0x011cdb16
                  0x011cdb19
                  0x011cdb1b
                  0x0121b52c
                  0x0121b531
                  0x0121b534
                  0x011cdb21
                  0x011cdb21
                  0x011cdb24
                  0x011cdcd9
                  0x011cdce2
                  0x011cdce5
                  0x011cdd6a
                  0x011cdd6d
                  0x00000000
                  0x011cdd73
                  0x0121b51a
                  0x0121b51c
                  0x0121b51f
                  0x0121b524
                  0x00000000
                  0x0121b524
                  0x011cdce7
                  0x011cdce7
                  0x011cdce7
                  0x00000000
                  0x011cdce7
                  0x00000000
                  0x011cdb2a
                  0x011cdb2c
                  0x011cdb31
                  0x011cdb33
                  0x011cdb36
                  0x011cdb39
                  0x011cdb3b
                  0x011cdb66
                  0x011cdb66
                  0x011cdb3d
                  0x011cdb3d
                  0x011cdb3e
                  0x011cdb46
                  0x011cdb47
                  0x011cdb49
                  0x011cdb4c
                  0x011cdb53
                  0x011cdb55
                  0x011cdb58
                  0x011cdb5a
                  0x0121b50a
                  0x0121b50f
                  0x0121b512
                  0x011cdb60
                  0x011cdb60
                  0x011cdb63
                  0x011cdb63
                  0x00000000
                  0x011cdb63
                  0x011cdb5a
                  0x011cdb3b
                  0x011cdb24
                  0x011cdb69
                  0x011cdb69
                  0x011cdb6c
                  0x011cdb6f
                  0x011cdb74
                  0x0121b557
                  0x0121b557
                  0x0121b55e
                  0x011cdb7a
                  0x011cdb7c
                  0x011cdb7f
                  0x011cdb82
                  0x011cdb85
                  0x00000000
                  0x011cdb8b
                  0x011cdb8b
                  0x011cdb8d
                  0x011cdb9b
                  0x011cdb9b
                  0x011cdb9d
                  0x011cdba0
                  0x011cdba2
                  0x011cdba4
                  0x011cdba7
                  0x011cdba9
                  0x011cdbae
                  0x011cdbae
                  0x011cdbb1
                  0x011cdbb4
                  0x011cdbb4
                  0x011cdbb7
                  0x011cdbba
                  0x011cdcd2
                  0x011cdcd4
                  0x00000000
                  0x011cdbc0
                  0x011cdbc0
                  0x011cdbd2
                  0x011cdbd7
                  0x011cdbda
                  0x011cdbdd
                  0x011cdbdf
                  0x00000000
                  0x011cdbe5
                  0x011cdbe5
                  0x011cdbee
                  0x011cdbf1
                  0x0121b541
                  0x0121b544
                  0x00000000
                  0x0121b546
                  0x0121b546
                  0x00000000
                  0x0121b546
                  0x011cdbf7
                  0x011cdbf7
                  0x011cdbfd
                  0x011cdbfd
                  0x011cdbff
                  0x011cdc0b
                  0x011cdc15
                  0x011cdc1b
                  0x011cdc1d
                  0x011cdc21
                  0x011cdc21
                  0x011cdc23
                  0x011cdc23
                  0x011cdc26
                  0x011cdc29
                  0x011cdc2b
                  0x00000000
                  0x00000000
                  0x011cdc31
                  0x011cdc34
                  0x011cdc36
                  0x011cdcbf
                  0x011cdcbf
                  0x011cdcc2
                  0x00000000
                  0x011cdc3c
                  0x011cdc41
                  0x011cdc43
                  0x00000000
                  0x011cdc45
                  0x011cdc45
                  0x011cdc47
                  0x00000000
                  0x011cdc4d
                  0x011cdc4d
                  0x011cdc50
                  0x011cdc52
                  0x011cdc55
                  0x011cdcfa
                  0x011cdcfe
                  0x011cdd08
                  0x011cdd0a
                  0x011cdd0c
                  0x00000000
                  0x011cdd12
                  0x011cdd15
                  0x011cdd2d
                  0x011cdd2f
                  0x011cdd32
                  0x011cdd35
                  0x00000000
                  0x011cdd35
                  0x011cdc5b
                  0x011cdc5b
                  0x011cdc5e
                  0x011cdc61
                  0x011cdc64
                  0x011cdc67
                  0x011cdc67
                  0x011cdc6a
                  0x011cdc6c
                  0x011cdc8e
                  0x011cdc8e
                  0x011cdc91
                  0x011cdc93
                  0x011cdcce
                  0x011cdcce
                  0x011cdc95
                  0x011cdc9c
                  0x011cdc6e
                  0x011cdc72
                  0x011cdc75
                  0x011cdc77
                  0x011cdc79
                  0x0121b551
                  0x0121b551
                  0x00000000
                  0x011cdc7f
                  0x011cdc7f
                  0x011cdc81
                  0x00000000
                  0x011cdc83
                  0x011cdc86
                  0x011cdc88
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011cdc88
                  0x011cdc81
                  0x011cdc79
                  0x011cdc6c
                  0x011cdc55
                  0x011cdc47
                  0x011cdc43
                  0x00000000
                  0x011cdc36
                  0x011cdc23
                  0x00000000
                  0x011cdbff
                  0x011cdbf1
                  0x011cdbdf
                  0x011cdb8f
                  0x011cdb92
                  0x011cdb95
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011cdb95
                  0x011cdb8d
                  0x011cdb85
                  0x011cdb74
                  0x011cdc9f
                  0x011cdca2
                  0x011cdcb0
                  0x011cdcb0
                  0x011cdad1
                  0x0121b4e5
                  0x0121b4c8
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011cd831
                  0x011cd80d
                  0x00000000
                  0x011cd800
                  0x0121b47f
                  0x0121b485
                  0x00000000
                  0x0121b485
                  0x011cd665
                  0x011cd652
                  0x00000000

                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: DebugPrintTimes
                  • String ID:
                  • API String ID: 3446177414-0
                  • Opcode ID: 24e0e9ded785e69af25006e802d8bae706ea0e33329363a772234c4901011100
                  • Instruction ID: 1c70a497b5a411b7f93c97ee1b51d6a8735b48d53588989ec180fcb1bf953fb2
                  • Opcode Fuzzy Hash: 24e0e9ded785e69af25006e802d8bae706ea0e33329363a772234c4901011100
                  • Instruction Fuzzy Hash: 9AE1F430A0075ACFEF39DF68D884B6AB7B1BF65B08F0541ADDA0957291D7309D81CB92
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E513A Relevance: 1.8, APIs: 1, Instructions: 258timeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 67%
                  			E011E513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x12ad360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E011FD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E011D2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L011D4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E011FF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E011CFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x12ab1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E011FB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                  0x011e5142
                  0x011e514c
                  0x011e5150
                  0x011e5157
                  0x011e5159
                  0x011e515e
                  0x011e5165
                  0x011e5169
                  0x011e516c
                  0x011e5172
                  0x011e5176
                  0x011e517a
                  0x011e517a
                  0x011e517a
                  0x011e517f
                  0x01226d8b
                  0x01226d8e
                  0x01226d91
                  0x01226d95
                  0x01226d98
                  0x01226d9c
                  0x01226da0
                  0x01226da3
                  0x01226da7
                  0x01226e26
                  0x01226e26
                  0x01226e2a
                  0x011e51f9
                  0x011e51f9
                  0x011e51fe
                  0x01226e33
                  0x01226e33
                  0x01226e39
                  0x01226e3d
                  0x01226e46
                  0x01226e50
                  0x00000000
                  0x00000000
                  0x01226e52
                  0x01226e53
                  0x01226e56
                  0x01226e5d
                  0x00000000
                  0x00000000
                  0x00000000
                  0x01226e5f
                  0x01226e67
                  0x01226e77
                  0x01226e7f
                  0x01226e80
                  0x01226e88
                  0x01226e90
                  0x01226e9f
                  0x01226ea5
                  0x01226ea9
                  0x01226eb1
                  0x01226ebf
                  0x00000000
                  0x00000000
                  0x01226ecf
                  0x01226ed3
                  0x00000000
                  0x00000000
                  0x01226edb
                  0x01226ede
                  0x01226ee1
                  0x01226ee8
                  0x01226eeb
                  0x01226eed
                  0x01226ef0
                  0x01226ef4
                  0x01226ef8
                  0x01226efc
                  0x00000000
                  0x00000000
                  0x01226f0d
                  0x01226f11
                  0x01226f32
                  0x01226f37
                  0x01226f3b
                  0x01226f3e
                  0x01226f41
                  0x01226f46
                  0x00000000
                  0x00000000
                  0x01226f4c
                  0x01226f50
                  0x01226f50
                  0x01226f54
                  0x01226f62
                  0x01226f65
                  0x01226f6d
                  0x01226f7b
                  0x01226f7b
                  0x01226f93
                  0x01226f98
                  0x01226fa0
                  0x01226fa6
                  0x01226fb3
                  0x01226fb6
                  0x01226fbf
                  0x01226fc1
                  0x01226fd5
                  0x01226fda
                  0x01226fda
                  0x01226fdd
                  0x01226fe2
                  0x01226fe7
                  0x01226feb
                  0x01226fef
                  0x01226ff3
                  0x011e520c
                  0x011e520c
                  0x011e520f
                  0x011e5215
                  0x011e5234
                  0x011e523a
                  0x011e523a
                  0x011e5244
                  0x011e5245
                  0x011e5246
                  0x011e5251
                  0x011e5251
                  0x01226f13
                  0x01226f17
                  0x01226f17
                  0x01226f18
                  0x01226f1b
                  0x01226f1f
                  0x01226f23
                  0x00000000
                  0x01226f28
                  0x011e5204
                  0x011e5204
                  0x011e5208
                  0x00000000
                  0x011e5208
                  0x011e5185
                  0x011e5188
                  0x011e518a
                  0x011e518e
                  0x011e5195
                  0x01226db1
                  0x01226db5
                  0x01226db9
                  0x011e519b
                  0x011e519b
                  0x011e519e
                  0x011e51a7
                  0x011e51a9
                  0x011e51a9
                  0x011e51b5
                  0x011e51b8
                  0x011e51bb
                  0x011e51be
                  0x011e51c1
                  0x011e51c5
                  0x011e51c9
                  0x011e51cd
                  0x011e51cd
                  0x011e51d8
                  0x011e51dc
                  0x011e51e0
                  0x01226dcc
                  0x01226dd0
                  0x01226dd5
                  0x01226ddd
                  0x01226de1
                  0x01226de1
                  0x01226de5
                  0x01226deb
                  0x01226df1
                  0x01226df7
                  0x01226dfd
                  0x01226e01
                  0x01226e05
                  0x01226e09
                  0x01226e0d
                  0x01226e11
                  0x01226e11
                  0x011e51eb
                  0x01226e1a
                  0x01226e1f
                  0x01226e21
                  0x01226e23
                  0x00000000
                  0x011e51f1
                  0x011e51f1
                  0x00000000
                  0x011e51f1

                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: DebugPrintTimes
                  • String ID:
                  • API String ID: 3446177414-0
                  • Opcode ID: 1f3b0674270dab76facbaae894d0948bb3624fb7939d6e70f300c6cc7679ddfa
                  • Instruction ID: a803ce735fd583fa48149c9c0aeda92fd5fd217b978bedb9e08f8ea8d93e7cc5
                  • Opcode Fuzzy Hash: 1f3b0674270dab76facbaae894d0948bb3624fb7939d6e70f300c6cc7679ddfa
                  • Instruction Fuzzy Hash: 69C113755083819FD358CF28C580A6AFBF2BF88308F18496EF9998B352D771E945CB42
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E03E2 Relevance: 1.8, APIs: 1, Instructions: 254COMMON
                  Download Yara Rule
                  C-Code - Quality: 74%
                  			E011E03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x12ad360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E011E0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E011FB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E011CB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x12a7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E011D7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E011D7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E01237016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E011F9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E012369A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x12a7c04 != 0) {
						_t118 = _v12;
						_t120 = E0123A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x12a7bd8;
						if( *0x12a7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E011F95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E011F99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E01233540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E011BB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E011FAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x12a8474 - 3;
										if( *0x12a8474 != 3) {
											 *0x12a79dc =  *0x12a79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E011D7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E011D7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E01237016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x12a8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x12a7b00; // 0x0
							asm("ror esi, cl");
							 *0x12ab1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E011F95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E011C7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                  0x011e03f1
                  0x011e03f7
                  0x011e03f9
                  0x011e03fb
                  0x011e03fd
                  0x011e0400
                  0x011e040a
                  0x01224c7a
                  0x011e0537
                  0x011e0547
                  0x011e0410
                  0x011e0410
                  0x011e0414
                  0x011e0417
                  0x011e041a
                  0x011e0421
                  0x011e0424
                  0x011e042b
                  0x011e043b
                  0x011e043e
                  0x011e043f
                  0x011e043f
                  0x011e0446
                  0x011e0449
                  0x011e044c
                  0x011e044f
                  0x011e0459
                  0x01224c8d
                  0x011e045f
                  0x011e045f
                  0x011e045f
                  0x011e0467
                  0x01224c97
                  0x01224c9d
                  0x01224ca4
                  0x01224caa
                  0x01224caf
                  0x01224cb1
                  0x01224cc3
                  0x01224cb3
                  0x01224cbc
                  0x01224cbc
                  0x01224cc8
                  0x01224ccb
                  0x01224cd7
                  0x01224cda
                  0x01224cdf
                  0x01224cdf
                  0x01224ccb
                  0x01224ca4
                  0x011e046d
                  0x011e046f
                  0x011e046f
                  0x011e0471
                  0x011e0476
                  0x011e047a
                  0x011e047b
                  0x011e0483
                  0x011e0489
                  0x011e048d
                  0x00000000
                  0x00000000
                  0x01224ce9
                  0x01224cef
                  0x01224d22
                  0x01224d22
                  0x00000000
                  0x01224d22
                  0x01224cf1
                  0x01224cf7
                  0x00000000
                  0x00000000
                  0x01224cf9
                  0x01224cff
                  0x00000000
                  0x00000000
                  0x01224d05
                  0x01224d07
                  0x00000000
                  0x00000000
                  0x01224d0d
                  0x01224d0f
                  0x01224d14
                  0x01224d16
                  0x00000000
                  0x00000000
                  0x01224d1c
                  0x01224d1c
                  0x011e0499
                  0x011e0535
                  0x011e0535
                  0x00000000
                  0x011e0535
                  0x011e04a6
                  0x01224d2c
                  0x01224d37
                  0x01224d39
                  0x01224d3b
                  0x00000000
                  0x00000000
                  0x01224d41
                  0x01224d48
                  0x011e0527
                  0x011e052b
                  0x011e052d
                  0x011e0530
                  0x011e0530
                  0x00000000
                  0x011e052b
                  0x01224d4e
                  0x011e04ac
                  0x011e04ac
                  0x011e04af
                  0x011e04b2
                  0x011e04b7
                  0x011e04b9
                  0x011e04bb
                  0x011e04bd
                  0x011e04bf
                  0x011e04c5
                  0x011e04c9
                  0x01224d53
                  0x01224d59
                  0x01224db9
                  0x01224dba
                  0x01224dbf
                  0x01224dc2
                  0x01224dc4
                  0x01224dc7
                  0x01224dce
                  0x00000000
                  0x01224dce
                  0x01224d5b
                  0x01224d61
                  0x00000000
                  0x00000000
                  0x01224d63
                  0x01224d69
                  0x00000000
                  0x00000000
                  0x01224d6b
                  0x01224d6e
                  0x01224d74
                  0x01224d76
                  0x01224d7c
                  0x01224d7e
                  0x01224d84
                  0x01224d89
                  0x01224d8c
                  0x01224d8d
                  0x01224d92
                  0x01224d95
                  0x01224d96
                  0x01224d98
                  0x01224d9a
                  0x01224d9f
                  0x01224da4
                  0x01224da6
                  0x01224da8
                  0x01224daf
                  0x01224db1
                  0x01224db1
                  0x01224daf
                  0x01224da6
                  0x01224d84
                  0x01224d7c
                  0x00000000
                  0x01224d74
                  0x011e04d6
                  0x01224de1
                  0x011e04dc
                  0x011e04dc
                  0x011e04dc
                  0x011e04e4
                  0x01224deb
                  0x01224df1
                  0x01224df8
                  0x01224dfe
                  0x01224e03
                  0x01224e05
                  0x01224e17
                  0x01224e07
                  0x01224e10
                  0x01224e10
                  0x01224e1c
                  0x01224e1f
                  0x01224e35
                  0x01224e35
                  0x01224e1f
                  0x01224df8
                  0x011e04f1
                  0x011e04fa
                  0x01224e3f
                  0x01224e47
                  0x01224e5b
                  0x01224e61
                  0x01224e67
                  0x01224e69
                  0x01224e71
                  0x01224e73
                  0x011e0500
                  0x011e0500
                  0x011e0500
                  0x011e04fa
                  0x011e0508
                  0x011e051d
                  0x011e051d
                  0x011e051f
                  0x011e0524
                  0x00000000
                  0x011e0524
                  0x011e0515
                  0x011e0517
                  0x01224e7a
                  0x01224e7c
                  0x00000000
                  0x00000000
                  0x01224e85
                  0x00000000
                  0x01224e85
                  0x00000000
                  0x011e0517

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f847981cad62361a98a5a0190ffd74f09edae6dad06bee10b02f95b10b3ed3f8
                  • Instruction ID: 6bdad1b192a2988084324a1299aff4d58e827a1e239107abdeb86c068b0a9f57
                  • Opcode Fuzzy Hash: f847981cad62361a98a5a0190ffd74f09edae6dad06bee10b02f95b10b3ed3f8
                  • Instruction Fuzzy Hash: 02912C31F00666AFEB39ABACD848BBD7BE4AF05714F050265FA11AB2D1D7B49D40C781
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011DB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                  Download Yara Rule
                  C-Code - Quality: 76%
                  			E011DB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x12ad360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E011D7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E01288CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E011F9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E011FB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E011FCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E011D7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E01288F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E011FAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x12a8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x12a862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x12a8628; // 0x0
							_t116 =  *0x12a862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                  0x011db94c
                  0x011db956
                  0x011db95c
                  0x011db95e
                  0x011db964
                  0x011db969
                  0x011db96d
                  0x011db96d
                  0x011db970
                  0x011db974
                  0x011db97a
                  0x011dbadf
                  0x011dbadf
                  0x011dbae2
                  0x011dbae4
                  0x011dbae6
                  0x011dbaf0
                  0x01222cb8
                  0x011dbaf6
                  0x011dbaf6
                  0x011dbaf6
                  0x011dbafd
                  0x011dbb1f
                  0x011dbb1f
                  0x011dbaff
                  0x011dbb00
                  0x011dbb00
                  0x011dbb03
                  0x011dbb03
                  0x011dbacb
                  0x011dbacf
                  0x011dbad0
                  0x011dbad1
                  0x011dbadc
                  0x011dbadc
                  0x011db980
                  0x011db980
                  0x011db988
                  0x011db98b
                  0x011db98d
                  0x011db990
                  0x011db993
                  0x011db999
                  0x011db99b
                  0x011db9a1
                  0x011db9a5
                  0x011db9aa
                  0x011db9b0
                  0x011db9bb
                  0x011db9c0
                  0x011db9c3
                  0x011db9ca
                  0x011db9cc
                  0x011db9cf
                  0x011db9d3
                  0x011db9d7
                  0x011dba94
                  0x011dba94
                  0x011dba98
                  0x011dbaa3
                  0x01222ccb
                  0x011dbaa9
                  0x011dbaa9
                  0x011dbaa9
                  0x011dbab1
                  0x01222cd5
                  0x01222cdd
                  0x01222cdd
                  0x011dbabb
                  0x011dbabc
                  0x011dbac2
                  0x011dbac3
                  0x011dbac3
                  0x011dbac6
                  0x00000000
                  0x011db9dd
                  0x011db9dd
                  0x011db9e7
                  0x011db9e7
                  0x011db9ec
                  0x011db9ec
                  0x011db9f1
                  0x011db9f5
                  0x011db9fa
                  0x011dba00
                  0x011dba0c
                  0x011dba10
                  0x011dba10
                  0x011dba12
                  0x011dba18
                  0x00000000
                  0x00000000
                  0x011dbb26
                  0x011dbb26
                  0x011dba1e
                  0x011dba1e
                  0x011dba23
                  0x011dba25
                  0x011dba2c
                  0x011dba30
                  0x011dba35
                  0x011dba35
                  0x011dba41
                  0x011dba46
                  0x011dba4c
                  0x011dba50
                  0x011dba54
                  0x011dba6a
                  0x011dba6e
                  0x011dba70
                  0x011dba74
                  0x011dba78
                  0x011dba7a
                  0x011dba7c
                  0x011dba8e
                  0x011dba90
                  0x011dba92
                  0x011dbb14
                  0x011dbb14
                  0x011dbb16
                  0x011dbb16
                  0x00000000
                  0x011dba7c
                  0x011dbb0a
                  0x011dbb0d
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011dbb0f

                  APIs
                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011DB9A5
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                  • String ID:
                  • API String ID: 885266447-0
                  • Opcode ID: cc331b03bbf186101478d61a0eae821cc911cceb1707ddd53df3c610077da511
                  • Instruction ID: 045f427b9d02d8951e8d0a2443e127f22ce330568b6950a314db4e5da8978778
                  • Opcode Fuzzy Hash: cc331b03bbf186101478d61a0eae821cc911cceb1707ddd53df3c610077da511
                  • Instruction Fuzzy Hash: D45169B1A08341CFC728DF29C08092BFBE5FB89644F56496EF68687355E731E840CB96
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011BB171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                  Download Yara Rule
                  C-Code - Quality: 78%
                  			E011BB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x128f7a8);
				E0120D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0120D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E011FD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E011FF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											E0120DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E011FB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E011FB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E011FE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E011FA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                  0x011bb171
                  0x011bb171
                  0x011bb171
                  0x011bb171
                  0x011bb171
                  0x011bb176
                  0x011bb17b
                  0x011bb180
                  0x011bb186
                  0x011bb18f
                  0x011bb198
                  0x011bb1a4
                  0x011bb1aa
                  0x01214802
                  0x01214802
                  0x01214805
                  0x0121480c
                  0x0121480e
                  0x011bb1d1
                  0x011bb1d3
                  0x011bb1de
                  0x011bb1de
                  0x01214817
                  0x0121481e
                  0x01214820
                  0x01214822
                  0x01214822
                  0x01214824
                  0x01214824
                  0x0121482a
                  0x00000000
                  0x00000000
                  0x01214835
                  0x0121483a
                  0x0121483d
                  0x0121483f
                  0x01214842
                  0x01214842
                  0x01214842
                  0x01214846
                  0x0121484c
                  0x0121484e
                  0x01214851
                  0x01214851
                  0x01214853
                  0x01214854
                  0x01214854
                  0x01214858
                  0x0121485a
                  0x0121485a
                  0x0121485d
                  0x0121485f
                  0x01214861
                  0x01214861
                  0x01214866
                  0x0121486b
                  0x0121486e
                  0x01214871
                  0x01214876
                  0x01214876
                  0x01214878
                  0x0121487b
                  0x01214884
                  0x01214884
                  0x00000000
                  0x0121487d
                  0x0121487d
                  0x01214882
                  0x01214889
                  0x01214889
                  0x0121488f
                  0x01214891
                  0x012148e0
                  0x012148e2
                  0x012148e4
                  0x012148e4
                  0x012148e7
                  0x012148e7
                  0x012148ed
                  0x012148f4
                  0x012148f6
                  0x01214951
                  0x01214951
                  0x01214953
                  0x01214953
                  0x01214956
                  0x01214956
                  0x01214958
                  0x01214959
                  0x01214959
                  0x0121495d
                  0x0121495d
                  0x0121495f
                  0x0121495f
                  0x01214965
                  0x01214969
                  0x012149ba
                  0x012149ba
                  0x012149c1
                  0x012149c5
                  0x012149cc
                  0x012149d4
                  0x012149d7
                  0x012149da
                  0x012149e4
                  0x012149e5
                  0x012149f3
                  0x01214a02
                  0x00000000
                  0x01214a02
                  0x01214972
                  0x01214974
                  0x00000000
                  0x00000000
                  0x01214976
                  0x01214979
                  0x01214982
                  0x01214983
                  0x01214984
                  0x0121498b
                  0x0121498d
                  0x01214991
                  0x01214993
                  0x01214999
                  0x0121499d
                  0x012149a2
                  0x012149a2
                  0x012149a2
                  0x01214999
                  0x012149ac
                  0x00000000
                  0x012149b3
                  0x012148f8
                  0x012148fe
                  0x00000000
                  0x00000000
                  0x00000000
                  0x012148fe
                  0x01214895
                  0x0121489c
                  0x012148ad
                  0x012148b2
                  0x012148b5
                  0x012148b7
                  0x012148ba
                  0x012148bc
                  0x012148c6
                  0x012148c6
                  0x012148cb
                  0x012148d1
                  0x012148d4
                  0x012148d8
                  0x012148d8
                  0x00000000
                  0x012148d8
                  0x012148be
                  0x012148c0
                  0x00000000
                  0x00000000
                  0x012148c2
                  0x00000000
                  0x00000000
                  0x00000000
                  0x012148c4
                  0x00000000
                  0x01214882
                  0x0121487b
                  0x01214904
                  0x01214906
                  0x00000000
                  0x00000000
                  0x01214908
                  0x0121490e
                  0x00000000
                  0x00000000
                  0x01214910
                  0x01214917
                  0x01214917
                  0x00000000
                  0x01214917
                  0x011bb1ba
                  0x012147f9
                  0x012147fc
                  0x00000000
                  0x00000000
                  0x00000000
                  0x012147fc
                  0x011bb1c0
                  0x011bb1c0
                  0x011bb1c3
                  0x011bb1cb
                  0x00000000
                  0x00000000
                  0x00000000

                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: _vswprintf_s
                  • String ID:
                  • API String ID: 677850445-0
                  • Opcode ID: 9eb7729f9dd061c229f3098708756eeac49c8e70a269f5f9c61cd5b57c72d61d
                  • Instruction ID: f1e927a61a09f4d173d27f4388ae11677dce757bbeb99497544261cfdceea5fe
                  • Opcode Fuzzy Hash: 9eb7729f9dd061c229f3098708756eeac49c8e70a269f5f9c61cd5b57c72d61d
                  • Instruction Fuzzy Hash: 44510471D2029A8EDF35EF68C840BBEBBF1AF10314F1142ADD95DAB286D7704941CB81
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F4A2C Relevance: 1.6, APIs: 1, Instructions: 92timeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 58%
                  			E011F4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x12ad360 ^ _t62;
				_v8 =  *0x12ad360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E011D2280(_t26, 0x12a8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E011CFFB0(_t41, _t51, 0x12a8608);
						L2:
						 *0x12ab1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E011FB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E011D2280(_t28, 0x12a8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E011CFFB0(_t42, _t53, 0x12a8608);
							if(_t53 != 0) {
								L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E011CFFB0(_t41, _t51, 0x12a8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                  0x011f4a2c
                  0x011f4a34
                  0x011f4a3c
                  0x011f4a3e
                  0x011f4a48
                  0x011f4a4b
                  0x011f4a4d
                  0x011f4a51
                  0x011f4a9c
                  0x00000000
                  0x00000000
                  0x011f4aa3
                  0x011f4aa8
                  0x011f4aad
                  0x011f4ab1
                  0x011f4ade
                  0x011f4ae3
                  0x011f4a5a
                  0x011f4a62
                  0x011f4a6a
                  0x011f4a6e
                  0x0122f203
                  0x011f4a84
                  0x011f4a88
                  0x011f4a89
                  0x011f4a8a
                  0x011f4a95
                  0x011f4a95
                  0x011f4a79
                  0x011f4a80
                  0x011f4af2
                  0x011f4af4
                  0x011f4af9
                  0x011f4aff
                  0x011f4b01
                  0x011f4b03
                  0x011f4b08
                  0x0122f20a
                  0x0122f212
                  0x0122f216
                  0x0122f216
                  0x011f4b08
                  0x011f4b13
                  0x011f4b1a
                  0x0122f229
                  0x0122f229
                  0x011f4b1a
                  0x011f4a82
                  0x00000000
                  0x011f4a82
                  0x011f4ab7
                  0x011f4acd
                  0x011f4acd
                  0x011f4ad5
                  0x011f4ada
                  0x00000000
                  0x011f4ada
                  0x011f4ac2
                  0x011f4acb
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011f4acb
                  0x011f4a53
                  0x011f4a53
                  0x011f4a58
                  0x00000000

                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: DebugPrintTimes
                  • String ID:
                  • API String ID: 3446177414-0
                  • Opcode ID: 4e8ab50cc875ad9022ab41d041a9587004e1ea3611da6726eb2df668c9f3e753
                  • Instruction ID: ef13842bea2a5402807155d4a6d2ec19abd0c0b4b05aebf8beba8c92d1f554d2
                  • Opcode Fuzzy Hash: 4e8ab50cc875ad9022ab41d041a9587004e1ea3611da6726eb2df668c9f3e753
                  • Instruction Fuzzy Hash: B73100322156129FD72ADF18C944B2BBBA5FF81B14F45452DEA560BA41C7B0E808CB8A
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011D0050 Relevance: 1.6, APIs: 1, Instructions: 81timeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 53%
                  			E011D0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x12ad360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E011E9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E011FB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E01288A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E011E9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x12ab1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                  0x011d0055
                  0x011d005d
                  0x011d0062
                  0x011d006c
                  0x011d006f
                  0x011d0074
                  0x011d007a
                  0x011d007a
                  0x011d0080
                  0x011d0080
                  0x011d0087
                  0x011d008d
                  0x011d008f
                  0x011d0093
                  0x011d0095
                  0x011d009b
                  0x011d00f8
                  0x011d00fb
                  0x011d00fc
                  0x011d00ff
                  0x011d0108
                  0x011d0108
                  0x011d00a2
                  0x011d00a6
                  0x011d00b3
                  0x011d00bc
                  0x011d00c5
                  0x011d00ca
                  0x0121c01e
                  0x00000000
                  0x00000000
                  0x0121c02d
                  0x011d00d5
                  0x011d00d9
                  0x0121c03d
                  0x0121c046
                  0x0121c046
                  0x011d00df
                  0x011d00e2
                  0x011d00ea
                  0x011d00ef
                  0x011d00f2
                  0x011d00f6
                  0x011d0111
                  0x011d0117
                  0x011d0117
                  0x00000000
                  0x011d00f6
                  0x011d00d0
                  0x011d00d0
                  0x00000000

                  APIs
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: DebugPrintTimes
                  • String ID:
                  • API String ID: 3446177414-0
                  • Opcode ID: 5b3cd9f715b6a3c0a99a9765fa0b13651d73f90785575574eb7cb3bbf40fe64f
                  • Instruction ID: d973027fddd481245191ff1804bd10f2fb90d451f4687e4d42d10ea7cfded6d9
                  • Opcode Fuzzy Hash: 5b3cd9f715b6a3c0a99a9765fa0b13651d73f90785575574eb7cb3bbf40fe64f
                  • Instruction Fuzzy Hash: 7431CC31201B04DFD72ACF2CC844BAAB7E5FF88754F14856DE59A87B90EB75A801CB90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E2581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                  Download Yara Rule
                  C-Code - Quality: 83%
                  			E011E2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a35) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t240;
				signed int _t244;
				signed char _t245;
				signed int _t254;
				signed int _t256;
				intOrPtr _t258;
				signed int _t261;
				signed int _t268;
				signed int _t271;
				signed int _t279;
				intOrPtr _t285;
				signed int _t287;
				signed int _t289;
				void* _t290;
				signed int _t291;
				signed int _t292;
				unsigned int _t295;
				signed int _t299;
				signed int* _t300;
				signed int _t301;
				signed int _t305;
				intOrPtr _t317;
				signed int _t326;
				signed int _t328;
				signed int _t329;
				signed int _t333;
				signed int _t334;
				signed int _t336;
				signed int _t338;
				signed int _t340;
				void* _t341;
				signed char _t343;
				void* _t344;

				_t338 = _t340;
				_t341 = _t340 - 0x4c;
				_v8 =  *0x12ad360 ^ _t338;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t333 = 0x12ab2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t295 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t344 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t285 = 0x48;
				_t315 = 0 | _t344 == 0x00000000;
				_t326 = 0;
				_v37 = _t344 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t285 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t334 = 0xc0000106;
						goto L32;
					} else {
						_t333 = L011D4620(_t295,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t285);
						_v52 = _t333;
						__eflags = _t333;
						if(_t333 == 0) {
							_t334 = 0xc0000017;
							goto L32;
						} else {
							 *(_t333 + 0x44) =  *(_t333 + 0x44) & 0x00000000;
							_t50 = _t333 + 0x48; // 0x48
							_t328 = _t50;
							_t315 = _v32;
							 *((intOrPtr*)(_t333 + 0x3c)) = _t285;
							_t287 = 0;
							 *((short*)(_t333 + 0x30)) = _v48;
							__eflags = _t315;
							if(_t315 != 0) {
								 *(_t333 + 0x18) = _t328;
								__eflags = _t315 - 0x12a8478;
								 *_t333 = ((0 | _t315 == 0x012a8478) - 0x00000001 & 0xfffffffb) + 7;
								E011FF3E0(_t328,  *((intOrPtr*)(_t315 + 4)),  *_t315 & 0x0000ffff);
								_t315 = _v32;
								_t341 = _t341 + 0xc;
								_t287 = 1;
								__eflags = _a8;
								_t328 = _t328 + (( *_t315 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t279 = E012439F2(_t328);
									_t315 = _v32;
									_t328 = _t279;
								}
							}
							_t299 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t334 = _v68;
								__eflags = 0;
								 *((short*)(_t328 - 2)) = 0;
								goto L32;
							} else {
								_t289 = _t333 + _t287 * 4;
								_v56 = _t289;
								do {
									__eflags = _t315;
									if(_t315 != 0) {
										_t240 =  *(_v60 + _t299 * 4);
										__eflags = _t240;
										if(_t240 == 0) {
											goto L30;
										} else {
											__eflags = _t240 == 5;
											if(_t240 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t289 =  *(_v60 + _t299 * 4);
										 *(_t289 + 0x18) = _t328;
										_t244 =  *(_v60 + _t299 * 4);
										__eflags = _t244 - 8;
										if(_t244 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t244 * 4 +  &M011E2959))) {
												case 0:
													__ax =  *0x12a8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E011FF3E0(__edi,  *0x12a848c, __ax & 0x0000ffff);
														__eax =  *0x12a8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E011FF3E0(_t328, _v80, _v64);
													_t274 = _v64;
													goto L26;
												case 2:
													 *0x12a8480 & 0x0000ffff = E011FF3E0(__edi,  *0x12a8484,  *0x12a8480 & 0x0000ffff);
													__eax =  *0x12a8480 & 0x0000ffff;
													__eax = ( *0x12a8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E011FF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E011FF3E0(_t328, _v76, _v36);
														_t274 = _v36;
													}
													L26:
													_t341 = _t341 + 0xc;
													_t328 = _t328 + (_t274 >> 1) * 2 + 2;
													__eflags = _t328;
													L27:
													_push(0x3b);
													_pop(_t276);
													 *((short*)(_t328 - 2)) = _t276;
													goto L28;
												case 6:
													__ebx = "\\WIw\\WIw";
													__eflags = __ebx - "\\WIw\\WIw";
													if(__ebx != "\\WIw\\WIw") {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E011FF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - "\\WIw\\WIw";
														} while (__ebx != "\\WIw\\WIw");
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x12a8478 & 0x0000ffff = E011FF3E0(__edi,  *0x12a847c,  *0x12a8478 & 0x0000ffff);
													__eax =  *0x12a8478 & 0x0000ffff;
													__eax = ( *0x12a8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E012439F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x12a6e58 & 0x0000ffff = E011FF3E0(__edi,  *0x12a6e5c,  *0x12a6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x12a6e58 & 0x0000ffff;
													__eax = ( *0x12a6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t299 = _v16;
													_t315 = _v32;
													L29:
													_t289 = _t289 + 4;
													__eflags = _t289;
													_v56 = _t289;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t299 = _t299 + 1;
									_v16 = _t299;
									__eflags = _t299 - _v48;
								} while (_t299 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t244 =  *(_v60 + _t326 * 4);
						if(_t244 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t244 * 4 +  &M011E2935))) {
							case 0:
								__ax =  *0x12a8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t315 =  &_v64;
								_v80 = E011E2E3E(0,  &_v64);
								_t285 = _t285 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x12a8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x12a8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E011CEEF0(0x12a79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E011CEB70(__ecx, 0x12a79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t218 = _v72;
											__eflags = _t218;
											if(_t218 != 0) {
												L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
											}
											_t219 = _v52;
											__eflags = _t219;
											if(_t219 != 0) {
												__eflags = _t334;
												if(_t334 < 0) {
													L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t219);
													_t219 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t295 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x12a7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L011D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E011CEB70(__ecx, 0x12a79a0);
										__eax = _v52;
										L36:
										_pop(_t327);
										_pop(_t335);
										__eflags = _v8 ^ _t338;
										_pop(_t286);
										return E011FB640(_t219, _t286, _v8 ^ _t338, _t315, _t327, _t335);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t281 = _v56;
								if(_v56 != 0) {
									_t315 =  &_v36;
									_t283 = E011E2E3E(_t281,  &_v36);
									_t295 = _v36;
									_v76 = _t283;
								}
								if(_t295 == 0) {
									goto L44;
								} else {
									_t285 = _t285 + 2 + _t295;
								}
								goto L14;
							case 6:
								__eax =  *0x12a5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x12a8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x12a8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x12a6e58 & 0x0000ffff;
								__eax = ( *0x12a6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t326 = _t326 + 1;
								if(_t326 >= _v48) {
									goto L16;
								} else {
									_t315 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t300 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					_push(ds);
					 *((intOrPtr*)(_t333 + 0x28)) =  *((intOrPtr*)(_t333 + 0x28)) + _t341;
					_push(ds);
					_t245 = _t244 + _t341;
					asm("daa");
					_push(ds);
					 *_t333 =  *_t333 + _t338;
					_push(ds);
					 *((intOrPtr*)(_t333 + 0x28)) =  *((intOrPtr*)(_t333 + 0x28)) + _t245;
					 *0x1f011e26 =  *0x1f011e26 + _t245;
					_t290 = ds;
					_t247 = _t341;
					_t343 = _t245 &  *_t300;
					 *_t333 =  *_t333 - _t290;
					 *0x201225b =  *0x201225b + _t333;
					 *_t333 =  *_t333 - _t290;
					 *((intOrPtr*)(_t247 - 0x9fee1d8)) =  *((intOrPtr*)(_t341 - 0x9fee1d8)) + _t341;
					asm("daa");
					_push(ds);
					 *_t333 =  *_t333 + _t290;
					 *_t333 =  *_t333 - _t290;
					 *((intOrPtr*)(_t333 + 0x28)) =  *((intOrPtr*)(_t333 + 0x28)) + _t300;
					_push(ds);
					_a35 = _a35 + _t290;
					_t291 = ds;
					_push(ds);
					 *((intOrPtr*)(_t343 + _t291 * 2)) =  *((intOrPtr*)(_t343 + _t291 * 2)) + _t333;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x128ff00);
					E0120D08C(_t291, _t328, _t333);
					_v44 =  *[fs:0x18];
					_t329 = 0;
					 *_a24 = 0;
					_t292 = _a12;
					__eflags = _t292;
					if(_t292 == 0) {
						_t254 = 0xc0000100;
					} else {
						_v8 = 0;
						_t336 = 0xc0000100;
						_v52 = 0xc0000100;
						_t256 = 4;
						while(1) {
							_v40 = _t256;
							__eflags = _t256;
							if(_t256 == 0) {
								break;
							}
							_t305 = _t256 * 0xc;
							_v48 = _t305;
							__eflags = _t292 -  *((intOrPtr*)(_t305 + 0x1191664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t271 = E011FE5C0(_a8,  *((intOrPtr*)(_t305 + 0x1191668)), _t292);
									_t343 = _t343 + 0xc;
									__eflags = _t271;
									if(__eflags == 0) {
										_t336 = E012351BE(_t292,  *((intOrPtr*)(_v48 + 0x119166c)), _a16, _t329, _t336, __eflags, _a20, _a24);
										_v52 = _t336;
										break;
									} else {
										_t256 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t256 = _t256 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t336;
						__eflags = _t336;
						if(_t336 < 0) {
							__eflags = _t336 - 0xc0000100;
							if(_t336 == 0xc0000100) {
								_t301 = _a4;
								__eflags = _t301;
								if(_t301 != 0) {
									_v36 = _t301;
									__eflags =  *_t301 - _t329;
									if( *_t301 == _t329) {
										_t336 = 0xc0000100;
										goto L76;
									} else {
										_t317 =  *((intOrPtr*)(_v44 + 0x30));
										_t258 =  *((intOrPtr*)(_t317 + 0x10));
										__eflags =  *((intOrPtr*)(_t258 + 0x48)) - _t301;
										if( *((intOrPtr*)(_t258 + 0x48)) == _t301) {
											__eflags =  *(_t317 + 0x1c);
											if( *(_t317 + 0x1c) == 0) {
												L106:
												_t336 = E011E2AE4( &_v36, _a8, _t292, _a16, _a20, _a24);
												_v32 = _t336;
												__eflags = _t336 - 0xc0000100;
												if(_t336 != 0xc0000100) {
													goto L69;
												} else {
													_t329 = 1;
													_t301 = _v36;
													goto L75;
												}
											} else {
												_t261 = E011C6600( *(_t317 + 0x1c));
												__eflags = _t261;
												if(_t261 != 0) {
													goto L106;
												} else {
													_t301 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t336 = E011E2C50(_t301, _a8, _t292, _a16, _a20, _a24, _t329);
											L76:
											_v32 = _t336;
											goto L69;
										}
									}
									goto L108;
								} else {
									E011CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t336 = _a24;
									_t268 = E011E2AE4( &_v36, _a8, _t292, _a16, _a20, _t336);
									_v32 = _t268;
									__eflags = _t268 - 0xc0000100;
									if(_t268 == 0xc0000100) {
										_v32 = E011E2C50(_v36, _a8, _t292, _a16, _a20, _t336, 1);
									}
									_v8 = _t329;
									E011E2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t254 = _t336;
					}
					L70:
					return E0120D0D1(_t254);
				}
				L108:
			}






















































                  0x011e2584
                  0x011e2586
                  0x011e2590
                  0x011e2596
                  0x011e2597
                  0x011e2598
                  0x011e2599
                  0x011e259e
                  0x011e25a4
                  0x011e25a9
                  0x011e25ac
                  0x011e25ae
                  0x011e25b1
                  0x011e25b2
                  0x011e25b5
                  0x011e25b8
                  0x011e25bb
                  0x011e25bc
                  0x011e25bf
                  0x011e25c2
                  0x011e25c5
                  0x011e25c6
                  0x011e25cb
                  0x011e25ce
                  0x011e25d8
                  0x011e25db
                  0x011e25dd
                  0x011e25de
                  0x011e25e1
                  0x011e25e3
                  0x011e25e9
                  0x011e26da
                  0x011e26da
                  0x011e26dd
                  0x011e26e2
                  0x01225b56
                  0x00000000
                  0x011e26e8
                  0x011e26f9
                  0x011e26fb
                  0x011e26fe
                  0x011e2700
                  0x01225b60
                  0x00000000
                  0x011e2706
                  0x011e2706
                  0x011e270a
                  0x011e270a
                  0x011e270d
                  0x011e2713
                  0x011e2716
                  0x011e2718
                  0x011e271c
                  0x011e271e
                  0x01225b6c
                  0x01225b6f
                  0x01225b7f
                  0x01225b89
                  0x01225b8e
                  0x01225b93
                  0x01225b96
                  0x01225b9c
                  0x01225ba0
                  0x01225ba3
                  0x01225bab
                  0x01225bb0
                  0x01225bb3
                  0x01225bb3
                  0x01225ba3
                  0x011e2724
                  0x011e2726
                  0x011e2729
                  0x011e272c
                  0x011e279d
                  0x011e279d
                  0x011e27a0
                  0x011e27a2
                  0x00000000
                  0x011e272e
                  0x011e272e
                  0x011e2731
                  0x011e2734
                  0x011e2734
                  0x011e2736
                  0x01225bc1
                  0x01225bc1
                  0x01225bc4
                  0x00000000
                  0x01225bca
                  0x01225bca
                  0x01225bcd
                  0x00000000
                  0x01225bd3
                  0x00000000
                  0x01225bd3
                  0x01225bcd
                  0x011e273c
                  0x011e273c
                  0x011e2742
                  0x011e2747
                  0x011e274a
                  0x011e274d
                  0x011e2750
                  0x00000000
                  0x011e2756
                  0x011e2756
                  0x00000000
                  0x011e2902
                  0x011e2908
                  0x011e290b
                  0x00000000
                  0x011e2911
                  0x011e291c
                  0x011e2921
                  0x00000000
                  0x011e2921
                  0x00000000
                  0x00000000
                  0x011e2880
                  0x011e2887
                  0x011e288c
                  0x00000000
                  0x00000000
                  0x011e2805
                  0x011e280a
                  0x011e2814
                  0x011e2816
                  0x00000000
                  0x00000000
                  0x011e281e
                  0x011e2821
                  0x011e2823
                  0x00000000
                  0x011e2829
                  0x011e2829
                  0x011e2831
                  0x011e283c
                  0x011e283e
                  0x00000000
                  0x011e283e
                  0x00000000
                  0x00000000
                  0x011e284e
                  0x011e2850
                  0x011e2851
                  0x011e2854
                  0x011e2857
                  0x011e285a
                  0x011e285c
                  0x011e285d
                  0x00000000
                  0x00000000
                  0x011e275d
                  0x011e2761
                  0x00000000
                  0x011e2767
                  0x011e276e
                  0x011e2773
                  0x011e2773
                  0x011e2776
                  0x011e2778
                  0x011e277e
                  0x011e277e
                  0x011e2781
                  0x011e2781
                  0x011e2783
                  0x011e2784
                  0x00000000
                  0x00000000
                  0x01225bd8
                  0x01225bde
                  0x01225be4
                  0x01225be6
                  0x01225be8
                  0x01225be9
                  0x01225bee
                  0x01225bf8
                  0x01225bff
                  0x01225c01
                  0x01225c04
                  0x01225c07
                  0x01225c0b
                  0x01225c0d
                  0x01225c0d
                  0x01225c15
                  0x01225c18
                  0x01225c1b
                  0x01225c1b
                  0x01225c1e
                  0x00000000
                  0x00000000
                  0x011e28c3
                  0x011e28c8
                  0x011e28d2
                  0x011e28d4
                  0x011e28d8
                  0x011e28db
                  0x01225c26
                  0x01225c28
                  0x01225c2d
                  0x01225c2d
                  0x00000000
                  0x00000000
                  0x01225c34
                  0x01225c36
                  0x01225c49
                  0x01225c4e
                  0x01225c54
                  0x01225c5b
                  0x01225c5d
                  0x01225c60
                  0x011e2788
                  0x011e2788
                  0x011e278b
                  0x011e278e
                  0x011e278e
                  0x011e278e
                  0x011e2791
                  0x00000000
                  0x00000000
                  0x011e2756
                  0x011e2750
                  0x00000000
                  0x011e2794
                  0x011e2794
                  0x011e2795
                  0x011e2798
                  0x011e2798
                  0x00000000
                  0x011e2734
                  0x011e272c
                  0x011e2700
                  0x011e25ef
                  0x011e25ef
                  0x011e25ef
                  0x011e25f2
                  0x011e25f8
                  0x00000000
                  0x00000000
                  0x011e25fe
                  0x00000000
                  0x011e28e6
                  0x011e28ec
                  0x011e28ef
                  0x011e28f5
                  0x011e28f8
                  0x011e28f8
                  0x00000000
                  0x011e28f8
                  0x00000000
                  0x00000000
                  0x011e2866
                  0x011e2866
                  0x011e2876
                  0x011e2879
                  0x00000000
                  0x00000000
                  0x011e27e0
                  0x011e27e7
                  0x011e27e9
                  0x011e27eb
                  0x01225afd
                  0x00000000
                  0x01225afd
                  0x00000000
                  0x00000000
                  0x011e2633
                  0x011e2638
                  0x011e263b
                  0x011e263c
                  0x011e263e
                  0x011e2640
                  0x011e2642
                  0x011e2647
                  0x011e2649
                  0x011e264e
                  0x011e2650
                  0x011e2653
                  0x011e2659
                  0x011e26a2
                  0x011e26a7
                  0x011e26ac
                  0x011e26b2
                  0x01225b11
                  0x01225b15
                  0x01225b17
                  0x00000000
                  0x011e26b8
                  0x011e26b8
                  0x011e26ba
                  0x011e27a6
                  0x011e27a6
                  0x011e27a9
                  0x011e27ab
                  0x011e27b9
                  0x011e27b9
                  0x011e27be
                  0x011e27c1
                  0x011e27c3
                  0x011e27c5
                  0x011e27c7
                  0x01225c74
                  0x01225c79
                  0x01225c79
                  0x011e27c7
                  0x00000000
                  0x011e26c0
                  0x011e26c0
                  0x011e26c3
                  0x011e26c6
                  0x011e26c6
                  0x011e26c9
                  0x011e26c9
                  0x00000000
                  0x011e26c9
                  0x011e26ba
                  0x011e265b
                  0x011e265b
                  0x011e265e
                  0x011e2667
                  0x011e266d
                  0x011e2677
                  0x011e267c
                  0x011e267f
                  0x011e2681
                  0x01225b49
                  0x01225b4e
                  0x011e27cd
                  0x011e27d0
                  0x011e27d1
                  0x011e27d2
                  0x011e27d4
                  0x011e27dd
                  0x011e2687
                  0x011e2687
                  0x011e268a
                  0x011e268b
                  0x011e268e
                  0x011e268f
                  0x011e2691
                  0x011e2696
                  0x011e2698
                  0x011e269d
                  0x011e269f
                  0x00000000
                  0x011e269f
                  0x011e2681
                  0x00000000
                  0x00000000
                  0x011e2846
                  0x00000000
                  0x00000000
                  0x011e2605
                  0x011e260a
                  0x011e260c
                  0x011e2611
                  0x011e2616
                  0x011e2619
                  0x011e2619
                  0x011e261e
                  0x00000000
                  0x011e2624
                  0x011e2627
                  0x011e2627
                  0x00000000
                  0x00000000
                  0x01225b1f
                  0x00000000
                  0x00000000
                  0x011e2894
                  0x011e289b
                  0x011e289d
                  0x011e28a1
                  0x01225b2b
                  0x01225b2e
                  0x01225b2e
                  0x011e28a7
                  0x011e28a9
                  0x01225b04
                  0x01225b09
                  0x01225b09
                  0x01225b09
                  0x00000000
                  0x00000000
                  0x01225b35
                  0x01225b3c
                  0x011e28fb
                  0x011e28fb
                  0x011e26cc
                  0x011e26cc
                  0x011e26d0
                  0x00000000
                  0x011e26d2
                  0x011e26d2
                  0x00000000
                  0x011e26d2
                  0x00000000
                  0x00000000
                  0x011e25fe
                  0x011e292d
                  0x011e292f
                  0x011e2930
                  0x011e2935
                  0x011e2937
                  0x011e2938
                  0x011e293b
                  0x011e293c
                  0x011e293e
                  0x011e293f
                  0x011e2940
                  0x011e2942
                  0x011e2944
                  0x011e2948
                  0x011e294e
                  0x011e2951
                  0x011e2951
                  0x011e2952
                  0x011e2954
                  0x011e295a
                  0x011e295c
                  0x011e2962
                  0x011e2963
                  0x011e2964
                  0x011e2966
                  0x011e2968
                  0x011e296b
                  0x011e296c
                  0x011e2972
                  0x011e2977
                  0x011e2978
                  0x011e297d
                  0x011e297e
                  0x011e297f
                  0x011e2980
                  0x011e2981
                  0x011e2982
                  0x011e2983
                  0x011e2984
                  0x011e2985
                  0x011e2986
                  0x011e2987
                  0x011e2988
                  0x011e2989
                  0x011e298a
                  0x011e298b
                  0x011e298c
                  0x011e298d
                  0x011e298e
                  0x011e298f
                  0x011e2990
                  0x011e2992
                  0x011e2997
                  0x011e29a3
                  0x011e29a6
                  0x011e29ab
                  0x011e29ad
                  0x011e29b0
                  0x011e29b2
                  0x01225c80
                  0x011e29b8
                  0x011e29b8
                  0x011e29bb
                  0x011e29c0
                  0x011e29c5
                  0x011e29c6
                  0x011e29c6
                  0x011e29c9
                  0x011e29cb
                  0x00000000
                  0x00000000
                  0x011e29cd
                  0x011e29d0
                  0x011e29d9
                  0x011e29db
                  0x011e29dd
                  0x011e2a7f
                  0x011e2a84
                  0x011e2a87
                  0x011e2a89
                  0x01225ca1
                  0x01225ca3
                  0x00000000
                  0x011e2a8f
                  0x011e2a8f
                  0x00000000
                  0x011e2a8f
                  0x00000000
                  0x011e29e3
                  0x011e29e3
                  0x011e29e3
                  0x00000000
                  0x011e29e3
                  0x011e29dd
                  0x00000000
                  0x011e29db
                  0x011e29e6
                  0x011e29e9
                  0x011e29eb
                  0x011e29ed
                  0x011e29f3
                  0x011e29f5
                  0x011e29f8
                  0x011e29fa
                  0x011e2a97
                  0x011e2a9a
                  0x011e2a9d
                  0x011e2add
                  0x00000000
                  0x011e2a9f
                  0x011e2aa2
                  0x011e2aa5
                  0x011e2aa8
                  0x011e2aab
                  0x01225cab
                  0x01225caf
                  0x01225cc5
                  0x01225cda
                  0x01225cdc
                  0x01225cdf
                  0x01225ce5
                  0x00000000
                  0x01225ceb
                  0x01225ced
                  0x01225cee
                  0x00000000
                  0x01225cee
                  0x01225cb1
                  0x01225cb4
                  0x01225cb9
                  0x01225cbb
                  0x00000000
                  0x01225cbd
                  0x01225cbd
                  0x00000000
                  0x01225cbd
                  0x01225cbb
                  0x011e2ab1
                  0x011e2ab1
                  0x011e2ac4
                  0x011e2ac6
                  0x011e2ac6
                  0x00000000
                  0x011e2ac6
                  0x011e2aab
                  0x00000000
                  0x011e2a00
                  0x011e2a09
                  0x011e2a0e
                  0x011e2a21
                  0x011e2a24
                  0x011e2a35
                  0x011e2a3a
                  0x011e2a3d
                  0x011e2a42
                  0x011e2a59
                  0x011e2a59
                  0x011e2a5c
                  0x011e2a5f
                  0x011e2a5f
                  0x011e29fa
                  0x011e29f3
                  0x011e2a64
                  0x011e2a64
                  0x011e2a6b
                  0x011e2a6b
                  0x011e2a6d
                  0x011e2a72
                  0x011e2a72
                  0x00000000

                  Strings
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: PATH
                  • API String ID: 0-1036084923
                  • Opcode ID: 5861ab6beb33c0b6b319957942540f356632861d16314f6b02ac622679884751
                  • Instruction ID: d63bbfbf2532cb4d8a0abdced286ce05b515f13b4f17dfd06883c71e45358b27
                  • Opcode Fuzzy Hash: 5861ab6beb33c0b6b319957942540f356632861d16314f6b02ac622679884751
                  • Instruction Fuzzy Hash: A1C1C271D50A1ADBCB2CDF98D895BADBBF5FF58700F494029E901AB250E7749841CB60
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011BC962 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                  Download Yara Rule
                  C-Code - Quality: 42%
                  			E011BC962(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				intOrPtr _t22;
				void* _t26;
				void* _t27;
				void* _t32;
				intOrPtr _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x12ad360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E011CEEF0(0x12a70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0123F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E011CEB70(_t29, 0x12a70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E011FB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0123F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x12a70c0; // 0x0
					while(_t38 != 0x12a70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x12ab1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                  0x011bc96a
                  0x011bc974
                  0x011bc988
                  0x011bc98a
                  0x01227c9d
                  0x01227c9f
                  0x01227ca4
                  0x01227cae
                  0x01227cf0
                  0x01227cf5
                  0x01227cfa
                  0x011bc992
                  0x011bc996
                  0x011bc997
                  0x011bc998
                  0x011bc9a3
                  0x011bc9a3
                  0x01227cb0
                  0x01227cb7
                  0x01227cbb
                  0x00000000
                  0x00000000
                  0x01227cbd
                  0x01227ce8
                  0x01227cc5
                  0x01227cc8
                  0x01227cca
                  0x01227cd0
                  0x01227cd6
                  0x01227cde
                  0x01227ce4
                  0x01227ce4
                  0x01227cd0
                  0x00000000
                  0x01227ce8
                  0x011bc990
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cf33701f400f3b3ba71bb9c50dd63966fadd60291e6b4640b5ef94226f05f098
                  • Instruction ID: 8242088a0a2f97089f0a492823d29646fcaaceb8451a483071f9ec84f2ad864a
                  • Opcode Fuzzy Hash: cf33701f400f3b3ba71bb9c50dd63966fadd60291e6b4640b5ef94226f05f098
                  • Instruction Fuzzy Hash: B411E131728617AFC724AF3CEC85A6B7BE5BBA4614F40052DEA4183651DF61EC14CBD2
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011EFAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                  Download Yara Rule
                  C-Code - Quality: 80%
                  			E011EFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E011CEEF0(0x12a7b60);
					_t134 =  *0x12a7b84; // 0x77497b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x12a7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x12a7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E011C6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E011C76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E01258938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E011BB150();
													}
													_t116 = E01256D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E011C75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x12a8638; // 0x0
																	_t122 = L011C38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E011C76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E011C76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L011EFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L011C70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E011EFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E011EFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E011EFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E011EFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E011EFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x12a7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x12a7b84 = _t75;
						_t73 = E011CEB70(_t134, 0x12a7b60);
						if( *0x12a7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E011CFF60( *0x12a7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                  0x011efab0
                  0x011efab2
                  0x011efab3
                  0x011efab4
                  0x011efabc
                  0x011efac0
                  0x011efb14
                  0x011efb17
                  0x011efac2
                  0x011efac8
                  0x011efacd
                  0x011efad3
                  0x011efad3
                  0x011efadd
                  0x011efb18
                  0x011efb1b
                  0x011efb1d
                  0x011efb1e
                  0x011efb1f
                  0x011efb20
                  0x011efb21
                  0x011efb22
                  0x011efb23
                  0x011efb24
                  0x011efb25
                  0x011efb26
                  0x011efb27
                  0x011efb28
                  0x011efb29
                  0x011efb2a
                  0x011efb2b
                  0x011efb2c
                  0x011efb2d
                  0x011efb2e
                  0x011efb2f
                  0x011efb3a
                  0x011efb3b
                  0x011efb3e
                  0x011efb41
                  0x011efb44
                  0x011efb47
                  0x011efb4a
                  0x011efb4d
                  0x011efb53
                  0x0122bdcb
                  0x0122bdcb
                  0x011efb59
                  0x011efb5b
                  0x011efb5b
                  0x011efb5e
                  0x0122bdd5
                  0x0122bdd8
                  0x00000000
                  0x0122bdda
                  0x00000000
                  0x0122bdda
                  0x011efb64
                  0x011efb64
                  0x011efb64
                  0x011efb67
                  0x011efb6e
                  0x011efb70
                  0x011efb72
                  0x00000000
                  0x011efb78
                  0x011efb7a
                  0x011efb7a
                  0x011efb7d
                  0x011efb80
                  0x0122bddf
                  0x0122bde1
                  0x00000000
                  0x0122bde3
                  0x00000000
                  0x0122bde3
                  0x011efb86
                  0x011efb86
                  0x011efb86
                  0x011efb8b
                  0x011efb90
                  0x011efb92
                  0x011efb94
                  0x011efb9a
                  0x011efb9b
                  0x011efba1
                  0x0122bde8
                  0x0122bdeb
                  0x0122bded
                  0x0122beb5
                  0x0122beb5
                  0x0122bebb
                  0x0122bebd
                  0x0122bec3
                  0x0122bed2
                  0x0122bedd
                  0x0122bedd
                  0x0122beed
                  0x00000000
                  0x0122bdf3
                  0x0122bdfe
                  0x0122be06
                  0x0122be0b
                  0x0122be0d
                  0x0122be0f
                  0x0122be14
                  0x0122be19
                  0x0122be20
                  0x0122be25
                  0x0122be27
                  0x0122be35
                  0x0122be39
                  0x0122be46
                  0x0122be4f
                  0x0122be54
                  0x0122be56
                  0x0122bef8
                  0x0122bef8
                  0x00000000
                  0x0122be5c
                  0x0122be5c
                  0x0122be60
                  0x00000000
                  0x0122be66
                  0x0122be66
                  0x0122be7f
                  0x0122be84
                  0x0122be87
                  0x0122be89
                  0x0122be8b
                  0x0122be99
                  0x0122be9d
                  0x0122bea0
                  0x0122beac
                  0x0122beaf
                  0x0122beb1
                  0x0122beb3
                  0x0122beb3
                  0x00000000
                  0x0122bea2
                  0x0122bea2
                  0x00000000
                  0x0122bea2
                  0x0122be8d
                  0x0122be8d
                  0x0122be92
                  0x00000000
                  0x0122be92
                  0x0122be8b
                  0x0122be60
                  0x0122be3b
                  0x0122be3b
                  0x0122be3e
                  0x00000000
                  0x0122be40
                  0x0122be40
                  0x0122be44
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0122be44
                  0x0122be3e
                  0x0122be29
                  0x0122be29
                  0x00000000
                  0x0122be29
                  0x0122be27
                  0x00000000
                  0x011efba7
                  0x011efba7
                  0x011efbab
                  0x0122bf02
                  0x011efbb1
                  0x011efbb1
                  0x011efbb8
                  0x011efbbd
                  0x011efbbd
                  0x011efbbf
                  0x011efbbf
                  0x011efbc5
                  0x011efbcb
                  0x011efbf8
                  0x011efbf8
                  0x011efbfa
                  0x00000000
                  0x011efc00
                  0x011efc00
                  0x011efc03
                  0x00000000
                  0x011efc09
                  0x011efc09
                  0x011efc0f
                  0x011efc15
                  0x011efc23
                  0x011efc23
                  0x011efc25
                  0x011efc27
                  0x011efc75
                  0x011efc7c
                  0x011efc84
                  0x00000000
                  0x011efc29
                  0x011efc29
                  0x011efc2d
                  0x011efc30
                  0x0122bf0f
                  0x00000000
                  0x011efc36
                  0x011efc38
                  0x011efc3b
                  0x011efc41
                  0x0122bf17
                  0x0122bf19
                  0x0122bf48
                  0x0122bf4b
                  0x00000000
                  0x0122bf1b
                  0x0122bf22
                  0x0122bf24
                  0x0122bf26
                  0x00000000
                  0x0122bf2c
                  0x0122bf37
                  0x0122bf39
                  0x0122bf3b
                  0x00000000
                  0x0122bf41
                  0x0122bf41
                  0x0122bf41
                  0x0122bf41
                  0x0122bf45
                  0x00000000
                  0x0122bf45
                  0x0122bf3b
                  0x0122bf26
                  0x00000000
                  0x011efc47
                  0x011efc47
                  0x011efc49
                  0x011efcb2
                  0x011efcb4
                  0x011efcb6
                  0x011efcdc
                  0x011efcdc
                  0x00000000
                  0x011efcb8
                  0x011efcc3
                  0x011efcc5
                  0x011efcc7
                  0x00000000
                  0x011efcc9
                  0x011efcc9
                  0x011efccd
                  0x00000000
                  0x011efccd
                  0x011efcc7
                  0x00000000
                  0x011efc4b
                  0x011efc4b
                  0x011efc4e
                  0x011efc4e
                  0x011efc51
                  0x011efc51
                  0x011efc54
                  0x011efc5a
                  0x011efc5c
                  0x011efc5f
                  0x011efc61
                  0x011efc63
                  0x011efc65
                  0x011efc67
                  0x011efc6e
                  0x011efc72
                  0x011efc72
                  0x011efc72
                  0x011efc72
                  0x011efc67
                  0x011efc61
                  0x00000000
                  0x011efc5a
                  0x011efc49
                  0x011efc41
                  0x011efc30
                  0x011efc27
                  0x011efc03
                  0x011efbcd
                  0x011efbd3
                  0x011efbd9
                  0x011efbdc
                  0x011efbde
                  0x011efc99
                  0x011efc9b
                  0x011efc9d
                  0x011efcd5
                  0x011efcd5
                  0x011efc89
                  0x011efc89
                  0x00000000
                  0x011efc9f
                  0x011efc9f
                  0x011efca3
                  0x00000000
                  0x011efca3
                  0x00000000
                  0x011efbe4
                  0x011efbe4
                  0x011efbe4
                  0x011efbe4
                  0x011efbe9
                  0x011efbf2
                  0x00000000
                  0x011efbf2
                  0x011efbde
                  0x011efbcb
                  0x011efbab
                  0x011efc8b
                  0x011efc8b
                  0x011efc8c
                  0x011efb80
                  0x011efb72
                  0x011efb5e
                  0x011efc8d
                  0x011efc91
                  0x011efadf
                  0x011efadf
                  0x011efae1
                  0x011efae4
                  0x011efae7
                  0x011efaec
                  0x011efaf8
                  0x011efb00
                  0x011efb07
                  0x011efb0f
                  0x011efb0f
                  0x011efb07
                  0x00000000
                  0x011efaf8
                  0x011efadd

                  Strings
                  • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0122BE0F
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                  • API String ID: 0-865735534
                  • Opcode ID: 884c189e2f207e31f60259e048dccf1a1e950b97f6055f37bf7e84ccb7608e28
                  • Instruction ID: d846618d3c4f335024044f49bbff6e8e560decc8608a948014673dd1a624575e
                  • Opcode Fuzzy Hash: 884c189e2f207e31f60259e048dccf1a1e950b97f6055f37bf7e84ccb7608e28
                  • Instruction Fuzzy Hash: 2CA11871B10A179BEB29CFA8C458B7EB7E5AF44724F14456DEE06CB681DB30D802CB81
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011B2D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                  Download Yara Rule
                  C-Code - Quality: 63%
                  			E011B2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x12a5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x12a7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E011F97C0();
				}
				if( *0x12a79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x12a79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E011E1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E011D7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0124FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E011F9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E011EE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								E0120DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x12a6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x12a6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E011F9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E011F95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E011D7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E011D7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E01237016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0124FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x12a5350;
							if(_t109 != 0x12a5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0124FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E01245720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                  0x011b2d8a
                  0x011b2d8a
                  0x011b2d92
                  0x011b2d96
                  0x011b2d9e
                  0x011b2da0
                  0x011b2da3
                  0x011b2da5
                  0x011b2da8
                  0x011b2dab
                  0x011b2db2
                  0x0120f9aa
                  0x0120f9ab
                  0x0120f9ae
                  0x0120f9ae
                  0x011b2db8
                  0x011b2dc2
                  0x0120f9b9
                  0x0120f9be
                  0x0120f9bf
                  0x0120f9bf
                  0x011b2dcf
                  0x0120f9c9
                  0x011b2dd5
                  0x011b2dd5
                  0x011b2dd5
                  0x011b2dde
                  0x011b2de1
                  0x011b2e70
                  0x011b2e72
                  0x011b2e72
                  0x011b2de7
                  0x011b2deb
                  0x011b2e7c
                  0x011b2e83
                  0x011b2e85
                  0x011b2e8b
                  0x011b2e8d
                  0x011b2e92
                  0x011b2e92
                  0x011b2e85
                  0x011b2df1
                  0x011b2df7
                  0x011b2df9
                  0x011b2df9
                  0x011b2dfc
                  0x011b2dff
                  0x011b2e02
                  0x00000000
                  0x011b2e05
                  0x011b2e0c
                  0x0120f9d9
                  0x011b2e12
                  0x011b2e12
                  0x011b2e12
                  0x011b2e1a
                  0x0120f9e3
                  0x0120f9e9
                  0x0120f9f0
                  0x0120f9f6
                  0x0120f9f8
                  0x0120f9f8
                  0x0120f9f0
                  0x011b2e23
                  0x0120fa02
                  0x0120fa03
                  0x0120fa05
                  0x0120fa06
                  0x00000000
                  0x011b2e29
                  0x011b2e29
                  0x011b2e2e
                  0x011b2e34
                  0x011b2e3e
                  0x00000000
                  0x00000000
                  0x011b2e44
                  0x011b2e47
                  0x011b2e4d
                  0x00000000
                  0x00000000
                  0x011b2e4f
                  0x011b2e54
                  0x00000000
                  0x00000000
                  0x011b2e5a
                  0x011b2e5f
                  0x011b2e9a
                  0x011b2ea4
                  0x011b2ea5
                  0x011b2ea8
                  0x011b2eaf
                  0x011b2eb2
                  0x011b2eb5
                  0x0120fae9
                  0x0120faeb
                  0x0120faed
                  0x0120faef
                  0x0120faf7
                  0x0120faf8
                  0x0120fafd
                  0x0120faff
                  0x0120fb04
                  0x0120fb04
                  0x0120faff
                  0x011b2ec0
                  0x011b2ec4
                  0x011b2ec6
                  0x011b2ec8
                  0x0120fb14
                  0x0120fb18
                  0x0120fb1e
                  0x0120fb21
                  0x0120fb21
                  0x011b2ece
                  0x011b2ece
                  0x011b2ece
                  0x011b2ed7
                  0x011b2e61
                  0x011b2e63
                  0x0120fa6b
                  0x0120fa71
                  0x0120fa76
                  0x0120fa78
                  0x0120fa8a
                  0x0120fa7a
                  0x0120fa83
                  0x0120fa83
                  0x0120fa8f
                  0x0120fa91
                  0x0120fa97
                  0x0120fa9d
                  0x0120faa4
                  0x0120faaa
                  0x0120faaf
                  0x0120fab1
                  0x0120fac3
                  0x0120fab3
                  0x0120fabc
                  0x0120fabc
                  0x0120fac8
                  0x0120facb
                  0x0120fadf
                  0x0120fadf
                  0x0120facb
                  0x0120faa4
                  0x0120fa91
                  0x011b2e6f
                  0x011b2e6f
                  0x011b2e5f
                  0x0120fa13
                  0x0120fa15
                  0x0120fa17
                  0x0120fa1f
                  0x0120fa21
                  0x0120fa22
                  0x0120fa25
                  0x0120fa28
                  0x0120fa2f
                  0x0120fa2f
                  0x0120fa2a
                  0x0120fa2a
                  0x0120fa2a
                  0x0120fa31
                  0x0120fa34
                  0x0120fa36
                  0x0120fa3c
                  0x0120fa3e
                  0x0120fa41
                  0x0120fa43
                  0x0120fa45
                  0x0120fa45
                  0x0120fa41
                  0x0120fa3c
                  0x0120fa4a
                  0x0120fa4f
                  0x0120fa51
                  0x0120fa53
                  0x0120fa56
                  0x0120fa5b
                  0x0120fa5e
                  0x00000000
                  0x0120fa5e
                  0x011b2e23

                  Strings
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: RTL: Re-Waiting
                  • API String ID: 0-316354757
                  • Opcode ID: 4f4e0e49b26bdccdd1b1cc1e6d8a7e60ba1d75ddc1cb6477fbaa21edcf3a555a
                  • Instruction ID: 265ec59b01da68ebc742e1ab742a9062571da02dd64991e36d3a16c3ebca5e0f
                  • Opcode Fuzzy Hash: 4f4e0e49b26bdccdd1b1cc1e6d8a7e60ba1d75ddc1cb6477fbaa21edcf3a555a
                  • Instruction Fuzzy Hash: 4C615731A506069FDB3BDF6CC984BBE7BA0EB44714F150769EA11972C2C734B945C782
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01280EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                  Download Yara Rule
                  C-Code - Quality: 80%
                  			E01280EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0127FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E01281074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E011F9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0127A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0127A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x12a8b04 >> 0x14) + (_v44 -  *0x12a8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E011D7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0127138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E011D7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0126FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x12a8724 & 0x00000008) != 0) {
						E012752F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E012815B5(0x12a8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                  0x01280eb7
                  0x01280eb9
                  0x01280ec0
                  0x01280ec2
                  0x01280ecd
                  0x0128105b
                  0x0128105b
                  0x01281061
                  0x01281066
                  0x01281066
                  0x0128106b
                  0x01281073
                  0x01281073
                  0x01280ed3
                  0x01280ed6
                  0x01280edc
                  0x01280ee0
                  0x01280ee7
                  0x01280ef0
                  0x01280ef5
                  0x01280efa
                  0x01280efc
                  0x01280efd
                  0x01280f03
                  0x01280f04
                  0x01280f06
                  0x01280f07
                  0x01280f09
                  0x01280f0e
                  0x01280f14
                  0x01280f23
                  0x01280f2d
                  0x01280f34
                  0x01280f34
                  0x01280f14
                  0x01280f52
                  0x00000000
                  0x00000000
                  0x01280f58
                  0x01280f73
                  0x01280f74
                  0x01280f79
                  0x01280f7d
                  0x01280f80
                  0x01280f86
                  0x01280fab
                  0x01280fb5
                  0x01280fc6
                  0x01280fd1
                  0x01280fe3
                  0x01280fd3
                  0x01280fdc
                  0x01280fdc
                  0x01280feb
                  0x01281009
                  0x01281009
                  0x01281015
                  0x01281027
                  0x01281017
                  0x01281020
                  0x01281020
                  0x0128102f
                  0x0128103c
                  0x0128103c
                  0x01281048
                  0x01281050
                  0x01281050
                  0x01281055
                  0x00000000
                  0x01281055
                  0x01280f88
                  0x01280f9e
                  0x01280fa2
                  0x01280fa9
                  0x00000000
                  0x00000000
                  0x00000000
                  0x01280fa9
                  0x00000000

                  Strings
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: `
                  • API String ID: 0-2679148245
                  • Opcode ID: cec4271577805ed3d916bf3d002122631e30ee2e0af316c49d0aaea1b7ae1bd2
                  • Instruction ID: 9b37db8c8f96b134c83b339a36645464a6492a8ceb11daff8bd5f1873d46fb68
                  • Opcode Fuzzy Hash: cec4271577805ed3d916bf3d002122631e30ee2e0af316c49d0aaea1b7ae1bd2
                  • Instruction Fuzzy Hash: 5B519F713153429FD325EF18D885B2BBBE5EB84714F04492CFA96972D1DA70E806CB62
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011EF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                  Download Yara Rule
                  C-Code - Quality: 75%
                  			E011EF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E011D4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E011F9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E011F9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E011F95D0();
							goto L11;
						} else {
							_t109 = L011D4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E011FF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E011F95D0();
										L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                  0x011ef0d3
                  0x011ef0d9
                  0x011ef0e0
                  0x011ef0e7
                  0x011ef0f2
                  0x011ef0f4
                  0x011ef0f8
                  0x011ef100
                  0x011ef108
                  0x011ef10d
                  0x011ef115
                  0x011ef116
                  0x011ef11f
                  0x011ef123
                  0x011ef124
                  0x011ef12c
                  0x011ef130
                  0x011ef134
                  0x011ef13d
                  0x011ef144
                  0x011ef14b
                  0x011ef152
                  0x0122bab0
                  0x0122bab0
                  0x011ef158
                  0x011ef158
                  0x011ef15a
                  0x011ef160
                  0x011ef165
                  0x011ef166
                  0x011ef16f
                  0x011ef173
                  0x0122baa7
                  0x0122baa7
                  0x0122baab
                  0x00000000
                  0x011ef179
                  0x011ef18d
                  0x011ef191
                  0x0122baa2
                  0x00000000
                  0x011ef197
                  0x011ef19b
                  0x011ef1a2
                  0x011ef1a9
                  0x011ef1af
                  0x011ef1b2
                  0x011ef1b6
                  0x011ef1b9
                  0x011ef1c4
                  0x011ef1d8
                  0x011ef1df
                  0x011ef1e3
                  0x011ef1eb
                  0x011ef1ee
                  0x011ef1f4
                  0x011ef20f
                  0x0122bab7
                  0x0122babb
                  0x0122bacc
                  0x0122bad1
                  0x011ef215
                  0x011ef218
                  0x011ef226
                  0x011ef22b
                  0x00000000
                  0x011ef22b
                  0x011ef1f6
                  0x011ef1f6
                  0x011ef1f9
                  0x011ef1fb
                  0x011ef1fb
                  0x011ef1f4
                  0x011ef191
                  0x011ef173
                  0x011ef152
                  0x011ef203

                  Strings
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: @
                  • API String ID: 0-2766056989
                  • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                  • Instruction ID: 6c7b13b0ae976d9d0f0d919969081a218434888a121ffe8fa9eb32693e881fbe
                  • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                  • Instruction Fuzzy Hash: 8151AF72104716AFC324DF58C840A6BBBF4FF58714F00892EFA9587690E7B4E945CB91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01233540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                  Download Yara Rule
                  C-Code - Quality: 75%
                  			E01233540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x12ad360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E011F0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E01233706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E011FFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E01233540;
						E011FFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0120DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E01240C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E011F97C0();
					}
					return E011FB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E01233971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E01233884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E011FFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E011F9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E01233787(_a4,  &_v352, _t80);
						}
					}
					L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E011F95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                  0x01233552
                  0x0123355a
                  0x0123355d
                  0x01233566
                  0x01233567
                  0x0123357e
                  0x0123358f
                  0x012335a1
                  0x012335a5
                  0x0123366b
                  0x0123366b
                  0x0123366d
                  0x01233672
                  0x01233679
                  0x01233685
                  0x0123368d
                  0x0123369d
                  0x012336a7
                  0x012336b8
                  0x012336c6
                  0x012336c7
                  0x012336dc
                  0x012336e1
                  0x012336e7
                  0x012336e9
                  0x012336e9
                  0x01233703
                  0x01233703
                  0x012335b5
                  0x012335c0
                  0x012335c4
                  0x00000000
                  0x00000000
                  0x012335ca
                  0x012335d7
                  0x012335e2
                  0x012335e6
                  0x012335e8
                  0x012335f5
                  0x012335fa
                  0x01233603
                  0x01233604
                  0x01233609
                  0x0123360a
                  0x01233612
                  0x01233613
                  0x0123361e
                  0x01233622
                  0x01233628
                  0x0123362f
                  0x0123362f
                  0x01233636
                  0x01233638
                  0x0123363b
                  0x01233642
                  0x01233642
                  0x01233636
                  0x01233657
                  0x01233657
                  0x0123365c
                  0x01233662
                  0x01233669
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000

                  Strings
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: BinaryHash
                  • API String ID: 0-2202222882
                  • Opcode ID: f39eda21c018857632a33588ee98baea84b820002145317dc89c6af9849f5067
                  • Instruction ID: f11a8243ecaaa1723b2d99864ab7b5f13cfb037458f959155051686750d06848
                  • Opcode Fuzzy Hash: f39eda21c018857632a33588ee98baea84b820002145317dc89c6af9849f5067
                  • Instruction Fuzzy Hash: 534124F291052D9FDB21DA50CC84FEEB77CAB54718F0045A5E709AB240DB709F898F98
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 012805AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                  Download Yara Rule
                  C-Code - Quality: 71%
                  			E012805AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E012807DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E011F9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0127A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0127A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E01281293(_t79, _v40, E012807DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E011D7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0127138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                  0x012805c5
                  0x012805ca
                  0x012805d3
                  0x012806db
                  0x012806db
                  0x012806dd
                  0x012806e3
                  0x012806e3
                  0x012805dd
                  0x012805e7
                  0x012805f6
                  0x01280600
                  0x01280607
                  0x01280610
                  0x01280615
                  0x0128061a
                  0x0128061c
                  0x0128061e
                  0x01280624
                  0x01280625
                  0x01280627
                  0x01280628
                  0x01280631
                  0x01280640
                  0x0128064d
                  0x01280654
                  0x01280654
                  0x01280631
                  0x0128066d
                  0x01280674
                  0x00000000
                  0x00000000
                  0x01280692
                  0x0128069e
                  0x012806b0
                  0x012806a0
                  0x012806a9
                  0x012806a9
                  0x012806b8
                  0x012806d6
                  0x012806d6
                  0x00000000

                  Strings
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: `
                  • API String ID: 0-2679148245
                  • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                  • Instruction ID: 1cc3f9a54bde63265f827186fca8a9d96d7ec58bd52fab1ffde9c3561c21b2f0
                  • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                  • Instruction Fuzzy Hash: 3E31F3322107166FE720EE29CC45F9B7BD9AB84758F184229FA549B2C0D770E918CB95
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01233884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                  Download Yara Rule
                  C-Code - Quality: 72%
                  			E01233884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E011F9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L011D4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E011F9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                  0x01233893
                  0x01233896
                  0x01233899
                  0x0123389f
                  0x012338a0
                  0x012338a4
                  0x012338a9
                  0x012338ac
                  0x012338ad
                  0x012338ae
                  0x012338af
                  0x012338b1
                  0x012338b4
                  0x012338bb
                  0x012338bc
                  0x012338bd
                  0x012338c4
                  0x012338c8
                  0x012338ca
                  0x012338ca
                  0x012338d5
                  0x0123393e
                  0x01233940
                  0x01233942
                  0x01233952
                  0x01233954
                  0x01233961
                  0x01233961
                  0x01233967
                  0x0123396e
                  0x0123396e
                  0x01233947
                  0x0123394c
                  0x00000000
                  0x0123394c
                  0x012338ea
                  0x012338ee
                  0x012338f8
                  0x012338f9
                  0x012338ff
                  0x01233900
                  0x01233902
                  0x01233903
                  0x0123390b
                  0x0123390f
                  0x01233950
                  0x00000000
                  0x01233950
                  0x01233915
                  0x0123391d
                  0x0123391d
                  0x01233922
                  0x01233926
                  0x00000000
                  0x01233928
                  0x0123392b
                  0x0123392b
                  0x01233935
                  0x01233937
                  0x01233937
                  0x00000000
                  0x01233935
                  0x01233926
                  0x012338f0
                  0x00000000

                  Strings
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: BinaryName
                  • API String ID: 0-215506332
                  • Opcode ID: 552e7281ce77bc9290f5ce763efc3185d13c79c345cee774fb8a569c28278d44
                  • Instruction ID: 9d0a14dc5656cdeda187f1ae645dd9c5fdb01763e10d67ea00d3914a96fbc3d0
                  • Opcode Fuzzy Hash: 552e7281ce77bc9290f5ce763efc3185d13c79c345cee774fb8a569c28278d44
                  • Instruction Fuzzy Hash: 4131C3B2D1151AEFEB15DA58C945E6BFB74FBC0B24F024169EA15AB290D7309F00CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011ED294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                  Download Yara Rule
                  C-Code - Quality: 33%
                  			E011ED294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x12ad360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E011D4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E011FB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E011F98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E011F95D0();
					L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                  0x011ed29c
                  0x011ed2a6
                  0x011ed2b1
                  0x011ed2b5
                  0x011ed2b6
                  0x011ed2bc
                  0x011ed2bd
                  0x011ed2be
                  0x011ed2bf
                  0x011ed2c2
                  0x011ed2c4
                  0x011ed2cc
                  0x011ed384
                  0x011ed34b
                  0x011ed34f
                  0x011ed350
                  0x011ed351
                  0x011ed35c
                  0x011ed35c
                  0x011ed2d6
                  0x011ed2da
                  0x011ed2e1
                  0x011ed361
                  0x011ed369
                  0x011ed36d
                  0x011ed2e3
                  0x011ed2e3
                  0x011ed2e3
                  0x011ed2e5
                  0x011ed2ed
                  0x011ed2f5
                  0x011ed2fa
                  0x011ed302
                  0x011ed303
                  0x011ed30b
                  0x011ed30f
                  0x011ed313
                  0x011ed318
                  0x011ed31c
                  0x011ed320
                  0x011ed379
                  0x011ed37d
                  0x00000000
                  0x00000000
                  0x0122affe
                  0x0122b001
                  0x0122b011
                  0x00000000
                  0x011ed322
                  0x011ed322
                  0x011ed330
                  0x011ed337
                  0x011ed35d
                  0x011ed339
                  0x011ed33f
                  0x011ed38c
                  0x011ed38c
                  0x011ed33f
                  0x011ed349
                  0x00000000
                  0x011ed349

                  Strings
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: @
                  • API String ID: 0-2766056989
                  • Opcode ID: 356d331405c8e5ad6ab5fa4ba7a404996983df3a95be03b0a08bf46ce2e01a67
                  • Instruction ID: 3b98e944e56de5b944b8e31a533d98cd767117fa5f4db3a20016aa68a5a7ca79
                  • Opcode Fuzzy Hash: 356d331405c8e5ad6ab5fa4ba7a404996983df3a95be03b0a08bf46ce2e01a67
                  • Instruction Fuzzy Hash: FA31E4B550C7059FC729DFA8D984A5BFBE8EB85658F01092EF99483250D734DD04CB93
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011C1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                  Download Yara Rule
                  C-Code - Quality: 72%
                  			E011C1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E011FBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E011FA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E011FA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L011D4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                  0x011c1b8f
                  0x011c1b9a
                  0x011c1b9c
                  0x011c1b9e
                  0x011c1ba3
                  0x01217010
                  0x01217010
                  0x00000000
                  0x011c1ba9
                  0x011c1ba9
                  0x011c1bae
                  0x00000000
                  0x011c1bc5
                  0x011c1bca
                  0x011c1bcf
                  0x011c1bd0
                  0x011c1bd1
                  0x011c1bd2
                  0x011c1bd6
                  0x011c1bdc
                  0x011c1be0
                  0x01216ffc
                  0x01217000
                  0x00000000
                  0x01217006
                  0x01217009
                  0x01217009
                  0x011c1be6
                  0x011c1bec
                  0x011c1c0b
                  0x011c1c0b
                  0x011c1c0c
                  0x011c1c11
                  0x011c1c12
                  0x011c1c15
                  0x011c1c1b
                  0x011c1c1f
                  0x011c1c31
                  0x011c1c33
                  0x01217026
                  0x01217026
                  0x011c1c21
                  0x011c1c24
                  0x011c1c24
                  0x011c1bee
                  0x011c1bee
                  0x011c1bf2
                  0x011c1c3a
                  0x011c1bf4
                  0x011c1bf4
                  0x011c1c05
                  0x011c1c05
                  0x011c1c09
                  0x011c1c3e
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011c1c09
                  0x011c1bec
                  0x011c1be0
                  0x011c1bae
                  0x011c1c2e

                  Strings
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: WindowsExcludedProcs
                  • API String ID: 0-3583428290
                  • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                  • Instruction ID: c3d82c5db335375dfd009cb16e3956ac6aae670f1a8ef18e60997e38a71217e3
                  • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                  • Instruction Fuzzy Hash: AF210A7B640219FBDB2ADA59C840F9BBBADEFA1E50F064429FE048B205D734DD01C7A5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011DF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011DF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                  0x011df71d
                  0x011df722
                  0x011df726
                  0x01224770
                  0x011df765
                  0x011df769
                  0x011df769
                  0x011df732
                  0x0122477a
                  0x00000000
                  0x0122477a
                  0x011df738
                  0x011df73a
                  0x011df73c
                  0x011df73f
                  0x011df746
                  0x011df778
                  0x011df7a9
                  0x011df7a9
                  0x011df754
                  0x011df75a
                  0x011df75d
                  0x011df75f
                  0x011df761
                  0x011df76f
                  0x011df771
                  0x011df771
                  0x011df76f
                  0x011df763
                  0x00000000
                  0x011df763
                  0x011df77d
                  0x011df7a3
                  0x011df7a5
                  0x00000000
                  0x011df7a5
                  0x011df77f
                  0x011df782
                  0x011df784
                  0x011df786
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011df788
                  0x011df748
                  0x011df74d
                  0x011df78d
                  0x011df793
                  0x011df7b7
                  0x011df7bc
                  0x00000000
                  0x011df7bc
                  0x011df798
                  0x00000000
                  0x00000000
                  0x011df79d
                  0x011df7b0
                  0x00000000
                  0x011df7b0
                  0x011df79f
                  0x00000000
                  0x011df74f
                  0x011df74f
                  0x00000000
                  0x011df74f

                  Strings
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: Actx
                  • API String ID: 0-89312691
                  • Opcode ID: da6f3eb0df1d016ebeadcc9e7dffab7e60121c16f7852cb65acce62e3f6fc6b4
                  • Instruction ID: 5867eb652ac2d305570b82a851fab98d4b1487ab1c8bb7df05f64f8ec7649bfc
                  • Opcode Fuzzy Hash: da6f3eb0df1d016ebeadcc9e7dffab7e60121c16f7852cb65acce62e3f6fc6b4
                  • Instruction Fuzzy Hash: BB11E234304E838BEB6D4E1CC8947F67696AB85624F27452AE567CB391DB70DA43C342
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01268DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                  Download Yara Rule
                  C-Code - Quality: 71%
                  			E01268DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1290d50);
				E0120D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E01245720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = E0120DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				E0120DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0120D130(_t34, _t39, _t40);
			}





                  0x01268df1
                  0x01268df1
                  0x01268df1
                  0x01268df1
                  0x01268df1
                  0x01268df1
                  0x01268df3
                  0x01268df8
                  0x01268dfd
                  0x01268e00
                  0x01268e0e
                  0x01268e2a
                  0x01268e36
                  0x01268e38
                  0x01268e3c
                  0x01268e46
                  0x01268e46
                  0x01268e36
                  0x01268e50
                  0x01268e56
                  0x01268e59
                  0x01268e5c
                  0x01268e60
                  0x01268e67
                  0x01268e6d
                  0x01268e73
                  0x01268e74
                  0x01268eb1
                  0x01268ebd

                  Strings
                  • Critical error detected %lx, xrefs: 01268E21
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID: Critical error detected %lx
                  • API String ID: 0-802127002
                  • Opcode ID: 573e959c3a1650250cdd6346bb245918895e36b94c136feaca306b8337b58b47
                  • Instruction ID: a29d737d99cee732e650de78de365f362746ca66f98cac2a61167c684bb5b4da
                  • Opcode Fuzzy Hash: 573e959c3a1650250cdd6346bb245918895e36b94c136feaca306b8337b58b47
                  • Instruction Fuzzy Hash: 9F113975D25349DBDF29CFE889057ACBBB4AB18314F20425DE5696B2C2C3740641CF14
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01285BA5 Relevance: .6, Instructions: 592COMMON
                  Download Yara Rule
                  C-Code - Quality: 88%
                  			E01285BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1291178);
				E0120D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E01284C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E011FD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E01285542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x12a60e8;
								if( *0x12a60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x12a60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E011F9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E011F6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E011FF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E011FF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E011FF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E011FFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E011FFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E011FF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E011FF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E01284CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0120D130(_t427, _t494, _t511);
				}
			}










































































                  0x01285ba5
                  0x01285baa
                  0x01285baf
                  0x01285bb4
                  0x01285bb6
                  0x01285bbc
                  0x01285bbe
                  0x01285bc4
                  0x01285bcd
                  0x01285bd3
                  0x01285bd6
                  0x01285bdc
                  0x01285be0
                  0x01285be3
                  0x01285beb
                  0x01285bf2
                  0x01285bf8
                  0x01285bfe
                  0x01285c04
                  0x01285c0e
                  0x01285c18
                  0x01285c1f
                  0x01285c25
                  0x01285c2a
                  0x01285c2c
                  0x01285c32
                  0x01285c3a
                  0x01285c3f
                  0x01285c42
                  0x01285c48
                  0x01285c5b
                  0x01285c5b
                  0x01285c2c
                  0x01285cb7
                  0x01285cb9
                  0x01285cbf
                  0x01285cc2
                  0x01285cca
                  0x01285ccb
                  0x01285ccb
                  0x01285cd1
                  0x01285cd7
                  0x01285cda
                  0x01285ce1
                  0x01285ce4
                  0x01285ce7
                  0x01285ced
                  0x01285cf3
                  0x01285cf9
                  0x01285cff
                  0x01285d08
                  0x01285d0a
                  0x01285d0e
                  0x01285d10
                  0x00000000
                  0x00000000
                  0x01285d16
                  0x01285d1a
                  0x00000000
                  0x00000000
                  0x01285d20
                  0x01285d22
                  0x01285d25
                  0x01285d2f
                  0x01285d2f
                  0x01285d33
                  0x01285d3d
                  0x01285d49
                  0x01285d4b
                  0x00000000
                  0x00000000
                  0x01285d5a
                  0x01285d5d
                  0x01285d60
                  0x00000000
                  0x00000000
                  0x01285d66
                  0x01285d69
                  0x00000000
                  0x00000000
                  0x01285d6f
                  0x01285d6f
                  0x01285d73
                  0x01285d79
                  0x01285d7f
                  0x01285d86
                  0x01285d95
                  0x01285d98
                  0x01285dba
                  0x01285dcb
                  0x01285dce
                  0x01285dd3
                  0x01285dd6
                  0x01285dd8
                  0x01285de6
                  0x01285dec
                  0x01285dee
                  0x01285df1
                  0x01285df3
                  0x0128635a
                  0x0128635a
                  0x00000000
                  0x0128635a
                  0x01285dfe
                  0x01285e02
                  0x01285e05
                  0x01285e07
                  0x01285e10
                  0x01285e13
                  0x01285e1b
                  0x01285e1c
                  0x01285e21
                  0x01285e22
                  0x01285e23
                  0x01285e25
                  0x01285e2a
                  0x01285e2c
                  0x01285e2e
                  0x01285e36
                  0x01285e39
                  0x01285e42
                  0x01285e47
                  0x01285e4d
                  0x01285e54
                  0x01285e54
                  0x01285e54
                  0x01285e2e
                  0x01285e5c
                  0x01285e5f
                  0x01285e62
                  0x01285e64
                  0x01285e6b
                  0x01285e70
                  0x01285e7a
                  0x01285e7a
                  0x01285e7a
                  0x01285e6b
                  0x01285e7e
                  0x01285e7f
                  0x01285e7f
                  0x01285e81
                  0x01285e87
                  0x01285e8b
                  0x01285e8c
                  0x01285e8c
                  0x01285e8c
                  0x01285e9a
                  0x01285e9c
                  0x01285ea2
                  0x01285ea6
                  0x01285f50
                  0x01285f50
                  0x01285f57
                  0x01285f66
                  0x01285f66
                  0x01285f66
                  0x01285f68
                  0x01285f6a
                  0x012863d0
                  0x00000000
                  0x01285f70
                  0x01285f70
                  0x01285f91
                  0x01285f9c
                  0x01285f9e
                  0x01285fa4
                  0x01285fa6
                  0x0128638c
                  0x01286392
                  0x012863a1
                  0x012863a7
                  0x012863af
                  0x012863af
                  0x012863bd
                  0x012863d8
                  0x00000000
                  0x012863d8
                  0x01285fac
                  0x01285fb2
                  0x01285fb4
                  0x01285fbd
                  0x01285fc6
                  0x01285fce
                  0x01285fd4
                  0x01285fdc
                  0x01285fec
                  0x01285fed
                  0x01285fee
                  0x01285fef
                  0x01285ff9
                  0x01285ffa
                  0x01285ffb
                  0x01285ffc
                  0x01286000
                  0x01286004
                  0x01286012
                  0x01286012
                  0x01286018
                  0x01286019
                  0x0128601a
                  0x0128601b
                  0x0128601c
                  0x01286020
                  0x01286059
                  0x0128605c
                  0x01286061
                  0x01286061
                  0x01286022
                  0x01286022
                  0x01286022
                  0x01286025
                  0x0128602a
                  0x0128602b
                  0x01286031
                  0x01286037
                  0x01286038
                  0x0128603e
                  0x01286048
                  0x01286049
                  0x0128604a
                  0x0128604b
                  0x0128604c
                  0x0128604d
                  0x01286053
                  0x01286054
                  0x01286054
                  0x01286062
                  0x01286065
                  0x01286067
                  0x0128606a
                  0x01286070
                  0x01286075
                  0x01286076
                  0x01286081
                  0x01286087
                  0x01286095
                  0x01286099
                  0x0128609e
                  0x012860a4
                  0x012860ae
                  0x012860b0
                  0x012860b3
                  0x012860b6
                  0x012860b8
                  0x012860ba
                  0x012860ba
                  0x012860ba
                  0x012860ba
                  0x012860be
                  0x012860c0
                  0x012860c5
                  0x012860c5
                  0x012860c5
                  0x012860c6
                  0x012860cd
                  0x01286114
                  0x012860cf
                  0x012860cf
                  0x012860d4
                  0x012860d5
                  0x012860da
                  0x012860db
                  0x012860e1
                  0x012860e2
                  0x012860e8
                  0x012860f8
                  0x012860fd
                  0x012860fe
                  0x01286102
                  0x01286104
                  0x01286107
                  0x01286109
                  0x0128610b
                  0x0128610b
                  0x0128610b
                  0x0128610b
                  0x0128610f
                  0x0128610f
                  0x01286117
                  0x0128611a
                  0x0128611f
                  0x01286125
                  0x01286134
                  0x01286139
                  0x0128613f
                  0x01286146
                  0x01286148
                  0x0128614b
                  0x0128614d
                  0x0128614f
                  0x0128614f
                  0x0128614f
                  0x0128614f
                  0x01286153
                  0x01286159
                  0x01286159
                  0x0128615c
                  0x01286163
                  0x01286169
                  0x0128616c
                  0x01286172
                  0x01286181
                  0x01286186
                  0x01286187
                  0x0128618b
                  0x01286191
                  0x01286195
                  0x012861a3
                  0x012861bb
                  0x012861c0
                  0x012861c3
                  0x012861cc
                  0x012861d0
                  0x012861dc
                  0x012861de
                  0x012861e1
                  0x012861e4
                  0x012861e6
                  0x012861e8
                  0x012861e8
                  0x012861e8
                  0x012861e8
                  0x012861e6
                  0x012861ec
                  0x012861f3
                  0x01286203
                  0x01286209
                  0x0128620a
                  0x01286216
                  0x0128621d
                  0x01286227
                  0x01286241
                  0x01286246
                  0x0128624c
                  0x01286257
                  0x01286259
                  0x0128625c
                  0x0128625e
                  0x01286260
                  0x01286260
                  0x01286260
                  0x01286260
                  0x0128625e
                  0x01286264
                  0x01286267
                  0x01286269
                  0x01286315
                  0x01286315
                  0x0128631b
                  0x0128631e
                  0x01286324
                  0x01286327
                  0x0128632f
                  0x01286330
                  0x01286333
                  0x0128633a
                  0x0128633c
                  0x01286335
                  0x01286335
                  0x01286335
                  0x0128633f
                  0x01286342
                  0x0128634c
                  0x01286352
                  0x01286355
                  0x01286355
                  0x01286359
                  0x00000000
                  0x0128626f
                  0x01286275
                  0x01286275
                  0x01286278
                  0x0128627e
                  0x0128627e
                  0x01286281
                  0x01286287
                  0x0128628d
                  0x01286298
                  0x0128629c
                  0x012862a2
                  0x0128629e
                  0x0128629e
                  0x0128629e
                  0x012862a7
                  0x012862a7
                  0x012862aa
                  0x012862b0
                  0x012862f0
                  0x012862f0
                  0x012862f2
                  0x012862f8
                  0x012862fd
                  0x012862b2
                  0x012862b2
                  0x012862b2
                  0x012862b5
                  0x012862dd
                  0x012862e2
                  0x012862e5
                  0x012862b7
                  0x012862b8
                  0x012862bb
                  0x012862bd
                  0x012862c0
                  0x012862c4
                  0x012862cd
                  0x012862cd
                  0x012862c0
                  0x012862bb
                  0x012862b5
                  0x01286302
                  0x01286303
                  0x01286305
                  0x01286305
                  0x01286305
                  0x0128630c
                  0x0128630c
                  0x00000000
                  0x0128627e
                  0x01286269
                  0x01285eac
                  0x01285ebb
                  0x01285ebe
                  0x01285ecb
                  0x01285ecb
                  0x01285ece
                  0x01285ece
                  0x01285ed4
                  0x01285ed7
                  0x01285ed9
                  0x01285edb
                  0x01285edb
                  0x01285ee1
                  0x01285ee1
                  0x01285ee3
                  0x01285f20
                  0x01285f20
                  0x01285ee5
                  0x01285ee5
                  0x01285ee5
                  0x01285ee8
                  0x01285f11
                  0x01285f18
                  0x01285eea
                  0x01285eea
                  0x01285eed
                  0x01285ef2
                  0x01285ef8
                  0x01285efb
                  0x01285f0a
                  0x01285f0a
                  0x01285eed
                  0x01285ee8
                  0x01285f22
                  0x01285f28
                  0x00000000
                  0x00000000
                  0x01285f30
                  0x01285f31
                  0x01285f37
                  0x01285f3a
                  0x01285f3d
                  0x01285f44
                  0x00000000
                  0x00000000
                  0x00000000
                  0x01285f46
                  0x01285f48
                  0x01285f4d
                  0x00000000
                  0x01285f4d
                  0x01285dda
                  0x01285ddf
                  0x00000000
                  0x01285ddf
                  0x01285dd8
                  0x01285da7
                  0x01285da9
                  0x01285dac
                  0x01285dae
                  0x00000000
                  0x01285db4
                  0x01285db4
                  0x00000000
                  0x01285db4
                  0x01285dae
                  0x01285d88
                  0x01285d8d
                  0x01286363
                  0x01286369
                  0x0128636a
                  0x01286370
                  0x01286372
                  0x0128637a
                  0x0128637b
                  0x0128637d
                  0x00000000
                  0x00000000
                  0x0128637f
                  0x01286385
                  0x00000000
                  0x01286385
                  0x01285d38
                  0x01285d3b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x01285d3b
                  0x01285d27
                  0x01285d29
                  0x00000000
                  0x00000000
                  0x00000000
                  0x01286360
                  0x00000000
                  0x01286360
                  0x01285c10
                  0x01285c10
                  0x012863da
                  0x012863e5
                  0x012863e5

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f0c27c5eb0811123b38f34d21d225c9b66a0d53809b94a930bb17d475ce5234a
                  • Instruction ID: 06a86a728e904d0d98b8de8fdaba823d28c26388e8b65a579cff6c781fa7550d
                  • Opcode Fuzzy Hash: f0c27c5eb0811123b38f34d21d225c9b66a0d53809b94a930bb17d475ce5234a
                  • Instruction Fuzzy Hash: 60426E7192121ACFDB24DF68C881BA9BBB1FF45304F1481AADA4DEB382D7749985CF50
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011D4120 Relevance: .4, Instructions: 444COMMONCrypto
                  Download Yara Rule
                  C-Code - Quality: 92%
                  			E011D4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x12ad360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E011EF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E011D6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L011D4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E011D6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M011D45F8))) {
												case 0:
													_v568 = 0x1191078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x11911c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L011D4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E011FF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E011FF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E011B52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E011CEB70(1, 0x12a79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E011CAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E011F95D0();
																			L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E011FB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E011F3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E011FB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                  0x011d4128
                  0x011d4135
                  0x011d413c
                  0x011d4141
                  0x011d4145
                  0x011d4147
                  0x011d414e
                  0x011d4151
                  0x011d4159
                  0x011d415c
                  0x011d4160
                  0x011d4164
                  0x011d4168
                  0x011d416c
                  0x011d417f
                  0x011d4181
                  0x011d446a
                  0x011d446a
                  0x011d418c
                  0x011d4195
                  0x011d4199
                  0x011d4432
                  0x011d4439
                  0x011d443d
                  0x011d4442
                  0x011d4447
                  0x00000000
                  0x011d419f
                  0x011d41a3
                  0x011d41b1
                  0x011d41b9
                  0x011d41bd
                  0x011d45db
                  0x011d45db
                  0x00000000
                  0x011d41c3
                  0x011d41c3
                  0x011d41ce
                  0x011d41d4
                  0x0121e138
                  0x0121e13e
                  0x0121e169
                  0x0121e16d
                  0x0121e19e
                  0x0121e16f
                  0x0121e16f
                  0x0121e175
                  0x0121e179
                  0x0121e18f
                  0x0121e193
                  0x00000000
                  0x0121e199
                  0x00000000
                  0x0121e199
                  0x0121e193
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011d41da
                  0x011d41da
                  0x011d41df
                  0x011d41e4
                  0x011d41ec
                  0x011d4203
                  0x011d4207
                  0x0121e1fd
                  0x011d4222
                  0x011d4226
                  0x0121e1f3
                  0x0121e1f3
                  0x011d422c
                  0x011d422c
                  0x011d4233
                  0x0121e1ed
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011d4239
                  0x011d4239
                  0x011d4239
                  0x011d4239
                  0x011d4233
                  0x011d4226
                  0x011d41ee
                  0x011d41ee
                  0x011d41f4
                  0x011d4575
                  0x0121e1b1
                  0x0121e1b1
                  0x00000000
                  0x011d457b
                  0x011d457b
                  0x011d4582
                  0x0121e1ab
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011d4588
                  0x011d4588
                  0x011d458c
                  0x0121e1c4
                  0x0121e1c4
                  0x00000000
                  0x011d4592
                  0x011d4592
                  0x011d4599
                  0x0121e1be
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011d459f
                  0x011d459f
                  0x011d45a3
                  0x0121e1d7
                  0x0121e1e4
                  0x00000000
                  0x011d45a9
                  0x011d45a9
                  0x011d45b0
                  0x0121e1d1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011d45b6
                  0x011d45b6
                  0x011d45b6
                  0x00000000
                  0x011d45b6
                  0x011d45b0
                  0x011d45a3
                  0x011d4599
                  0x011d458c
                  0x011d4582
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011d41f4
                  0x011d423e
                  0x011d4241
                  0x011d45c0
                  0x011d45c4
                  0x00000000
                  0x011d45ca
                  0x011d45ca
                  0x00000000
                  0x0121e207
                  0x0121e20f
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011d45d1
                  0x00000000
                  0x00000000
                  0x011d45ca
                  0x00000000
                  0x011d4247
                  0x011d4247
                  0x011d4247
                  0x011d4249
                  0x011d4249
                  0x011d4249
                  0x011d4251
                  0x011d4251
                  0x011d4257
                  0x011d425f
                  0x011d426e
                  0x011d4270
                  0x011d427a
                  0x0121e219
                  0x0121e219
                  0x011d4280
                  0x011d4282
                  0x011d4456
                  0x011d45ea
                  0x00000000
                  0x011d45f0
                  0x0121e223
                  0x00000000
                  0x0121e223
                  0x011d445c
                  0x011d445c
                  0x00000000
                  0x011d445c
                  0x00000000
                  0x011d4288
                  0x011d428c
                  0x0121e298
                  0x011d4292
                  0x011d4292
                  0x011d429e
                  0x011d42a3
                  0x011d42a7
                  0x011d42ac
                  0x0121e22d
                  0x011d42b2
                  0x011d42b2
                  0x011d42b9
                  0x011d42bc
                  0x011d42c2
                  0x011d42ca
                  0x011d42cd
                  0x011d42cd
                  0x011d42d4
                  0x011d433f
                  0x011d433f
                  0x011d42d6
                  0x011d42d6
                  0x011d42d9
                  0x011d42dd
                  0x011d42eb
                  0x0121e23a
                  0x011d42f1
                  0x011d4305
                  0x011d430d
                  0x011d4315
                  0x011d4318
                  0x011d431f
                  0x011d4322
                  0x011d432e
                  0x011d433b
                  0x011d433b
                  0x00000000
                  0x011d432e
                  0x011d42eb
                  0x011d434c
                  0x011d434e
                  0x011d4352
                  0x011d4359
                  0x011d435e
                  0x011d4361
                  0x011d436e
                  0x011d438a
                  0x011d438e
                  0x011d4396
                  0x011d439e
                  0x011d43a1
                  0x011d43ad
                  0x011d43bb
                  0x011d43bb
                  0x011d43ad
                  0x011d436e
                  0x011d43bf
                  0x011d43c5
                  0x011d4463
                  0x011d4463
                  0x011d43ce
                  0x011d43d5
                  0x011d43d9
                  0x011d43df
                  0x011d4475
                  0x011d4479
                  0x011d4491
                  0x011d4491
                  0x011d4479
                  0x011d43e5
                  0x011d43eb
                  0x011d43f4
                  0x011d43f6
                  0x011d43f9
                  0x011d43fc
                  0x011d43ff
                  0x011d44e8
                  0x011d44ed
                  0x011d44f3
                  0x0121e247
                  0x00000000
                  0x011d44f9
                  0x011d4504
                  0x011d4508
                  0x011d450f
                  0x0121e269
                  0x00000000
                  0x011d4515
                  0x011d4519
                  0x011d4531
                  0x011d4534
                  0x011d4537
                  0x011d453e
                  0x011d4541
                  0x011d454a
                  0x0121e255
                  0x0121e255
                  0x0121e25b
                  0x0121e25e
                  0x0121e261
                  0x0121e261
                  0x011d4555
                  0x011d4559
                  0x011d455d
                  0x0121e26d
                  0x0121e270
                  0x0121e274
                  0x0121e27a
                  0x0121e27d
                  0x0121e28e
                  0x0121e28e
                  0x011d4563
                  0x011d4563
                  0x011d4569
                  0x011d4569
                  0x00000000
                  0x011d455d
                  0x011d450f
                  0x00000000
                  0x011d44f3
                  0x011d43ff
                  0x011d4405
                  0x011d4405
                  0x011d4405
                  0x011d42ac
                  0x011d428c
                  0x011d4282
                  0x011d4407
                  0x011d440d
                  0x0121e2af
                  0x0121e2af
                  0x011d4413
                  0x011d4413
                  0x00000000
                  0x011d41d4
                  0x00000000
                  0x011d41c3
                  0x011d41bd
                  0x011d4415
                  0x011d4415
                  0x011d4416
                  0x011d4417
                  0x011d4429
                  0x011d416e
                  0x011d416e
                  0x011d4175
                  0x011d4498
                  0x011d449f
                  0x0121e12d
                  0x00000000
                  0x0121e133
                  0x00000000
                  0x0121e133
                  0x011d44a5
                  0x011d44a5
                  0x011d44aa
                  0x00000000
                  0x011d44bb
                  0x011d44ca
                  0x011d44d6
                  0x011d44d7
                  0x011d44d8
                  0x011d44e3
                  0x011d44e3
                  0x011d44aa
                  0x011d417b
                  0x011d417b
                  0x011d417b
                  0x00000000
                  0x011d417b
                  0x011d4175
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e493cfc47d648e82f79257c52dbf1799ae45fc78b30f73e9c3c8211b70cc8bd2
                  • Instruction ID: 78bec5e80564c3f1bc8d7f9da9905db06f13929384f34aaced0068f83934cf62
                  • Opcode Fuzzy Hash: e493cfc47d648e82f79257c52dbf1799ae45fc78b30f73e9c3c8211b70cc8bd2
                  • Instruction Fuzzy Hash: B0F19F706183128FD729CF19C490A7AB7E1FF98714F45892EF986CBA90E734D881CB52
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E20A0 Relevance: .4, Instructions: 420COMMONCrypto
                  Download Yara Rule
                  C-Code - Quality: 92%
                  			E011E20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x12a8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E011E2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E011E2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E011B58EC(_t240);
									_t221 =  *0x12a5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x12a5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E011F4A2C(0x12a6e40, 0x11f4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E011D7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x1195c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E011EF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E011EF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E01237016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L011D2400(_t267 + 0x20);
															}
															L011D2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E011E2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E011D2280(_t134, 0x12a8608);
									__eflags =  *0x12a6e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E011CFFB0(_t198, _t241, 0x12a8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x12a6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x12a8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E011E6B90(_t210,  &_v64);
										_t262 =  *0x12a8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E011EE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E011F97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E011F006A(0x12a8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x12a8608);
												E011FB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x12a6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x12a6e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E011CFFB0(_t198, _t240, 0x12a8608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E011F00C2(0x12a8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                  0x011e20a0
                  0x011e20a8
                  0x011e20ad
                  0x011e20b3
                  0x011e20b8
                  0x011e20c2
                  0x011e20c7
                  0x011e20cb
                  0x011e20d2
                  0x011e2263
                  0x011e2266
                  0x01225836
                  0x01225836
                  0x00000000
                  0x011e226c
                  0x011e226c
                  0x011e2270
                  0x011e2274
                  0x011e20e2
                  0x011e20e2
                  0x011e20e6
                  0x011e20ee
                  0x012257dc
                  0x012257de
                  0x012257ec
                  0x012257ec
                  0x012257f1
                  0x012257f3
                  0x012257f8
                  0x00000000
                  0x012257f8
                  0x012257e0
                  0x012257e4
                  0x012257ea
                  0x00000000
                  0x00000000
                  0x00000000
                  0x012257ea
                  0x011e20f4
                  0x011e20f4
                  0x011e20f8
                  0x011e20f8
                  0x011e20fc
                  0x011e2100
                  0x011e2106
                  0x011e2201
                  0x011e2206
                  0x011e220b
                  0x011e220e
                  0x011e22a9
                  0x011e22ac
                  0x00000000
                  0x00000000
                  0x011e22b2
                  0x011e22b5
                  0x01225801
                  0x01225806
                  0x00000000
                  0x00000000
                  0x01225810
                  0x01225815
                  0x01225818
                  0x00000000
                  0x00000000
                  0x0122581e
                  0x011e22bb
                  0x011e22bb
                  0x011e2218
                  0x011e2218
                  0x011e221c
                  0x011e2220
                  0x011e2222
                  0x011e22c2
                  0x011e22c4
                  0x011e22dc
                  0x011e22dc
                  0x011e22e1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011e22e7
                  0x011e22c8
                  0x011e22cd
                  0x011e22d3
                  0x011e22d6
                  0x01225823
                  0x01225825
                  0x01225827
                  0x00000000
                  0x00000000
                  0x0122582d
                  0x00000000
                  0x0122582d
                  0x00000000
                  0x011e2228
                  0x011e2228
                  0x00000000
                  0x011e2228
                  0x011e2222
                  0x011e2214
                  0x011e2214
                  0x00000000
                  0x011e2114
                  0x011e2114
                  0x011e2114
                  0x011e211a
                  0x011e211c
                  0x011e2348
                  0x011e234d
                  0x01225840
                  0x01225845
                  0x01225848
                  0x0122584e
                  0x0122584e
                  0x01225848
                  0x011e2353
                  0x011e2355
                  0x011e2388
                  0x011e2388
                  0x011e2368
                  0x011e236a
                  0x011e236c
                  0x011e238f
                  0x00000000
                  0x011e236e
                  0x011e236e
                  0x011e218e
                  0x011e218e
                  0x011e2191
                  0x011e2195
                  0x01225a03
                  0x01225a06
                  0x01225a0c
                  0x01225a0f
                  0x01225a11
                  0x01225a13
                  0x01225a13
                  0x01225a19
                  0x01225a1f
                  0x00000000
                  0x011e219b
                  0x011e219b
                  0x011e21a0
                  0x011e2282
                  0x011e2284
                  0x011e2284
                  0x011e2284
                  0x011e2284
                  0x011e21a6
                  0x011e21a9
                  0x011e21ac
                  0x011e21ae
                  0x011e21b3
                  0x011e228b
                  0x011e2290
                  0x011e2379
                  0x011e2296
                  0x011e2298
                  0x011e2298
                  0x011e2290
                  0x011e21b9
                  0x011e21be
                  0x011e22a2
                  0x011e22a2
                  0x011e21c4
                  0x011e21c8
                  0x011e21cc
                  0x011e21d0
                  0x011e21d4
                  0x011e21de
                  0x011e21e3
                  0x01225a29
                  0x01225a2c
                  0x00000000
                  0x00000000
                  0x01225a3b
                  0x00000000
                  0x011e21e9
                  0x011e21e9
                  0x011e21e9
                  0x011e21ee
                  0x011e21f1
                  0x01225a45
                  0x01225a4b
                  0x01225a52
                  0x01225a58
                  0x01225a5d
                  0x01225a5f
                  0x01225a71
                  0x01225a61
                  0x01225a6a
                  0x01225a6a
                  0x01225a76
                  0x01225a79
                  0x01225a7f
                  0x01225a83
                  0x01225a85
                  0x01225a87
                  0x01225a87
                  0x01225a8c
                  0x01225a91
                  0x01225a97
                  0x01225a9f
                  0x01225aa0
                  0x01225aa1
                  0x01225aa6
                  0x01225aab
                  0x01225ab1
                  0x01225ab3
                  0x01225ab9
                  0x01225aca
                  0x01225ad4
                  0x01225ad4
                  0x01225ade
                  0x01225ade
                  0x01225aab
                  0x01225a79
                  0x01225a52
                  0x011e21f7
                  0x011e21f9
                  0x011e21fe
                  0x011e21fe
                  0x011e21e3
                  0x011e2195
                  0x011e236c
                  0x011e2122
                  0x011e2122
                  0x011e2124
                  0x011e2231
                  0x011e2236
                  0x011e2236
                  0x011e2238
                  0x011e2238
                  0x011e2240
                  0x011e2242
                  0x011e2244
                  0x012259fc
                  0x011e218c
                  0x011e218c
                  0x00000000
                  0x011e218c
                  0x011e224a
                  0x011e224f
                  0x011e2256
                  0x011e2304
                  0x011e2309
                  0x011e230f
                  0x011e231e
                  0x011e231e
                  0x011e231e
                  0x011e2320
                  0x011e2325
                  0x011e232a
                  0x011e232c
                  0x011e233e
                  0x011e233e
                  0x00000000
                  0x011e232c
                  0x011e2311
                  0x011e2317
                  0x011e231a
                  0x011e231c
                  0x011e2380
                  0x011e2380
                  0x011e2380
                  0x011e2384
                  0x00000000
                  0x00000000
                  0x011e2386
                  0x00000000
                  0x011e231c
                  0x011e225c
                  0x011e225c
                  0x00000000
                  0x011e225c
                  0x011e212a
                  0x011e2134
                  0x011e2138
                  0x011e213d
                  0x01225858
                  0x01225863
                  0x01225863
                  0x01225867
                  0x0122586a
                  0x00000000
                  0x00000000
                  0x0122586c
                  0x0122586c
                  0x01225871
                  0x01225875
                  0x01225877
                  0x01225997
                  0x0122599c
                  0x012259a1
                  0x012259a7
                  0x012259a7
                  0x00000000
                  0x012259a7
                  0x0122587d
                  0x00000000
                  0x0122588b
                  0x0122588b
                  0x01225890
                  0x01225892
                  0x01225894
                  0x01225899
                  0x0122589b
                  0x012258a0
                  0x012258a0
                  0x012258aa
                  0x012258b2
                  0x012258b6
                  0x012258be
                  0x012258c6
                  0x012258c9
                  0x0122590d
                  0x01225917
                  0x0122591a
                  0x0122591c
                  0x01225920
                  0x01225928
                  0x0122592a
                  0x0122592c
                  0x0122592e
                  0x0122592e
                  0x012258cb
                  0x012258cd
                  0x012258d8
                  0x012258e0
                  0x012258f4
                  0x012258fe
                  0x012258fe
                  0x0122593a
                  0x0122593e
                  0x01225940
                  0x01225942
                  0x00000000
                  0x01225944
                  0x01225944
                  0x01225949
                  0x0122594e
                  0x0122594e
                  0x01225953
                  0x0122595b
                  0x01225976
                  0x01225976
                  0x0122597a
                  0x0122597f
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x01225981
                  0x01225981
                  0x01225981
                  0x01225983
                  0x01225988
                  0x0122598d
                  0x01225991
                  0x01225991
                  0x00000000
                  0x0122595d
                  0x0122595d
                  0x01225963
                  0x01225965
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x01225967
                  0x01225967
                  0x0122596b
                  0x0122596d
                  0x00000000
                  0x00000000
                  0x0122596f
                  0x01225971
                  0x01225971
                  0x01225974
                  0x00000000
                  0x00000000
                  0x00000000
                  0x01225974
                  0x00000000
                  0x01225967
                  0x0122595b
                  0x01225942
                  0x01225863
                  0x011e2143
                  0x011e2143
                  0x011e2149
                  0x011e214f
                  0x011e22f1
                  0x011e22f6
                  0x00000000
                  0x011e2173
                  0x011e2173
                  0x011e217d
                  0x011e2181
                  0x011e2186
                  0x012259ae
                  0x012259b2
                  0x012259b5
                  0x012259b7
                  0x012259ba
                  0x012259cd
                  0x012259d1
                  0x012259d5
                  0x012259d9
                  0x012259db
                  0x00000000
                  0x00000000
                  0x012259dd
                  0x012259dd
                  0x012259e1
                  0x012259e4
                  0x012259e7
                  0x012259ee
                  0x012259ee
                  0x012259f3
                  0x012259f3
                  0x00000000
                  0x011e2186
                  0x011e214f
                  0x011e2106
                  0x011e2266
                  0x011e20d8
                  0x011e20da
                  0x011e20e0
                  0x00000000
                  0x00000000
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 248ddba87c5e9f421c2a252923b0574f992b58833fc812428bacbb90a12382eb
                  • Instruction ID: 104082b4d17aa2ca516644b74cf10a6c1db9e8df1162a2ed98064b5d36a48dc0
                  • Opcode Fuzzy Hash: 248ddba87c5e9f421c2a252923b0574f992b58833fc812428bacbb90a12382eb
                  • Instruction Fuzzy Hash: 71F12531618752AFE72ECF6CC45876EBBE9AF85314F08C51DEA958B281D774D840CB82
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011C849B Relevance: .3, Instructions: 290COMMON
                  Download Yara Rule
                  C-Code - Quality: 92%
                  			E011C849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x128f9c0);
				E0120D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x12a7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E011CCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E011D2280( *[fs:0x30], 0x12a8550);
						_t139 =  *0x12a7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E011EF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E011CFFB0(_t193, _t235, 0x12a8550);
								L5:
								return E0120D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E011B1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x12a7b9c; // 0x0
							_t235 = L011D4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x12a7b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E011EA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E011CFFB0(_t193, _t235, 0x12a8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L011D77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L011D77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x12a7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x12a7b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E011F37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x12a7b9c; // 0x0
									_t214 = L011D4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E011F37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x12a7b10 =  *0x12a7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x12a7b04 =  *0x12a7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L011D77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L011D77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x12a7b08 =  *0x12a7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E011F57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E011FF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L011D77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E011EA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L011D77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E011F96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                  0x011c849b
                  0x011c849b
                  0x011c849b
                  0x011c849b
                  0x011c849d
                  0x011c84a2
                  0x011c84a7
                  0x011c84b1
                  0x011c84d8
                  0x00000000
                  0x011c84b3
                  0x011c84c4
                  0x011c84c9
                  0x011c84cd
                  0x011c84cf
                  0x011c84cf
                  0x011c84d6
                  0x011c84e6
                  0x011c84e9
                  0x011c84ec
                  0x011c84ef
                  0x011c84f2
                  0x011c84f4
                  0x011c84fc
                  0x011c8501
                  0x011c8506
                  0x011c8509
                  0x011c86e0
                  0x011c86e5
                  0x011c86e8
                  0x011c86ed
                  0x011c86f0
                  0x011c86f2
                  0x01219afd
                  0x01219b02
                  0x011c84da
                  0x011c84df
                  0x011c84df
                  0x011c86fa
                  0x011c86fd
                  0x011c86fe
                  0x011c8701
                  0x011c8706
                  0x011c8709
                  0x011c870b
                  0x00000000
                  0x00000000
                  0x011c8711
                  0x011c8725
                  0x011c8727
                  0x011c872a
                  0x011c872c
                  0x01219af0
                  0x01219af5
                  0x011c8732
                  0x011c8732
                  0x011c8732
                  0x011c8735
                  0x011c8737
                  0x011c8515
                  0x011c8515
                  0x011c8518
                  0x011c851d
                  0x011c8523
                  0x011c8527
                  0x011c852b
                  0x011c8537
                  0x011c8539
                  0x011c853c
                  0x011c853e
                  0x011c868c
                  0x011c8691
                  0x011c8699
                  0x011c869b
                  0x011c8744
                  0x011c8748
                  0x011c86a1
                  0x011c86a1
                  0x011c86a1
                  0x011c86a4
                  0x011c86a8
                  0x01219bdf
                  0x01219bdf
                  0x011c86ae
                  0x011c86b0
                  0x00000000
                  0x011c86b6
                  0x00000000
                  0x01219be9
                  0x011c86b0
                  0x011c8544
                  0x011c854a
                  0x011c854d
                  0x011c8551
                  0x011c876e
                  0x011c8778
                  0x011c877b
                  0x011c8780
                  0x011c8557
                  0x011c8557
                  0x011c855d
                  0x011c855d
                  0x011c856b
                  0x011c856e
                  0x011c8570
                  0x011c8573
                  0x011c8576
                  0x011c8576
                  0x011c8579
                  0x011c857b
                  0x00000000
                  0x00000000
                  0x011c8581
                  0x011c85a0
                  0x011c85a2
                  0x011c85a5
                  0x011c85a7
                  0x01219b1b
                  0x01219b1b
                  0x011c862e
                  0x011c862e
                  0x011c8631
                  0x011c8631
                  0x011c8634
                  0x011c8636
                  0x011c8669
                  0x011c8669
                  0x011c866b
                  0x01219bbf
                  0x01219bc4
                  0x01219bc8
                  0x01219bce
                  0x01219bce
                  0x011c8671
                  0x011c8671
                  0x011c8674
                  0x011c8676
                  0x01219bae
                  0x01219bae
                  0x011c8676
                  0x011c867c
                  0x011c867e
                  0x011c8688
                  0x011c8688
                  0x00000000
                  0x011c867e
                  0x011c8638
                  0x011c8638
                  0x011c863b
                  0x011c863e
                  0x011c863f
                  0x011c8642
                  0x011c8645
                  0x011c8648
                  0x011c864d
                  0x01219b69
                  0x01219b6e
                  0x01219b7b
                  0x01219b81
                  0x01219b85
                  0x01219b89
                  0x01219ba7
                  0x01219b8b
                  0x01219b91
                  0x01219b9a
                  0x01219b9f
                  0x01219b9f
                  0x011c8788
                  0x011c878d
                  0x011c8763
                  0x011c8763
                  0x011c8766
                  0x00000000
                  0x011c8766
                  0x01219b70
                  0x00000000
                  0x01219b70
                  0x011c8656
                  0x011c865a
                  0x011c865c
                  0x011c8752
                  0x011c8756
                  0x00000000
                  0x00000000
                  0x011c875e
                  0x00000000
                  0x011c875e
                  0x011c8662
                  0x011c8662
                  0x011c8662
                  0x011c8666
                  0x00000000
                  0x011c8666
                  0x011c85b7
                  0x011c85b9
                  0x011c85bc
                  0x011c85bf
                  0x011c85cc
                  0x011c85d1
                  0x011c85d4
                  0x011c85db
                  0x011c85de
                  0x011c85e0
                  0x01219b5f
                  0x00000000
                  0x01219b5f
                  0x011c85e6
                  0x011c85ea
                  0x011c86c3
                  0x011c86c5
                  0x011c86c8
                  0x011c86ca
                  0x01219b16
                  0x00000000
                  0x01219b16
                  0x011c86d6
                  0x011c85f6
                  0x011c85f6
                  0x011c85f9
                  0x011c8602
                  0x011c8606
                  0x011c860a
                  0x011c860b
                  0x011c860e
                  0x011c8611
                  0x00000000
                  0x011c8611
                  0x011c85f3
                  0x00000000
                  0x011c85f3
                  0x011c8619
                  0x011c861e
                  0x011c861e
                  0x011c8621
                  0x011c8622
                  0x011c8623
                  0x011c8625
                  0x011c862c
                  0x00000000
                  0x011c873d
                  0x00000000
                  0x011c873d
                  0x011c8737
                  0x011c850f
                  0x011c8512
                  0x00000000
                  0x011c8512
                  0x00000000
                  0x011c84d6

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 44eb045f80197ed11b312dafc65717bfee3fd8360c51b46a0f34267f5595ecf2
                  • Instruction ID: 5ea14c62d92c7ba9b77200a652d6f915a9417b878601d86eb6724a093f0c1bae
                  • Opcode Fuzzy Hash: 44eb045f80197ed11b312dafc65717bfee3fd8360c51b46a0f34267f5595ecf2
                  • Instruction Fuzzy Hash: 50B17CB1E0021ADFDB19DFE8C9C4AADFBB5BF68708F10412DE505AB245E770A945CB80
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011BC600 Relevance: .2, Instructions: 225COMMON
                  Download Yara Rule
                  C-Code - Quality: 67%
                  			E011BC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x12ad360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E011C6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E011FB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x12a7b9c; // 0x0
					_t74 = L011D4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E011F9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L011D77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E011FF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E011F13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L011D77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E011F9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                  0x011bc608
                  0x011bc615
                  0x011bc625
                  0x011bc62d
                  0x011bc635
                  0x011bc640
                  0x011bc680
                  0x011bc687
                  0x011bc688
                  0x011bc689
                  0x011bc694
                  0x011bc694
                  0x011bc642
                  0x011bc64a
                  0x011bc697
                  0x01227a25
                  0x01227a2b
                  0x01227a2e
                  0x01227a30
                  0x01227bea
                  0x01227bea
                  0x00000000
                  0x01227bea
                  0x01227a36
                  0x01227a43
                  0x01227a48
                  0x01227a4c
                  0x01227a4e
                  0x00000000
                  0x00000000
                  0x01227a58
                  0x01227a5a
                  0x01227a5b
                  0x01227a5c
                  0x01227a5d
                  0x01227a63
                  0x01227a64
                  0x01227a6a
                  0x01227a6c
                  0x01227a6e
                  0x012279cb
                  0x012279cb
                  0x012279ce
                  0x012279d0
                  0x01227a98
                  0x01227a9b
                  0x01227a9b
                  0x01227a9e
                  0x01227aa1
                  0x01227bbe
                  0x01227bbe
                  0x01227bc0
                  0x01227be0
                  0x01227be0
                  0x01227a01
                  0x01227a01
                  0x01227a05
                  0x01227a07
                  0x01227a15
                  0x01227a15
                  0x01227a1a
                  0x00000000
                  0x01227a1a
                  0x01227bc2
                  0x01227bc6
                  0x01227bc9
                  0x01227bcd
                  0x01227bcf
                  0x012279e6
                  0x012279e6
                  0x012279eb
                  0x012279eb
                  0x012279ef
                  0x012279f1
                  0x00000000
                  0x00000000
                  0x012279f3
                  0x012279f5
                  0x012279ff
                  0x012279ff
                  0x00000000
                  0x012279ff
                  0x012279f7
                  0x012279fd
                  0x00000000
                  0x00000000
                  0x00000000
                  0x012279fd
                  0x01227bd5
                  0x01227bd8
                  0x00000000
                  0x00000000
                  0x01227ba9
                  0x01227bac
                  0x01227bb0
                  0x01227bb1
                  0x01227bb1
                  0x01227bb6
                  0x00000000
                  0x01227bb6
                  0x01227aa7
                  0x01227aaa
                  0x00000000
                  0x00000000
                  0x01227ab2
                  0x01227ab3
                  0x01227ab5
                  0x01227aec
                  0x01227aef
                  0x01227b25
                  0x01227b28
                  0x01227b62
                  0x01227b64
                  0x01227b8f
                  0x01227b92
                  0x01227b96
                  0x01227b98
                  0x00000000
                  0x00000000
                  0x01227b9e
                  0x01227b9f
                  0x01227ba3
                  0x00000000
                  0x01227ba3
                  0x01227b66
                  0x01227b68
                  0x01227ae2
                  0x01227ae2
                  0x00000000
                  0x01227ae2
                  0x01227b6e
                  0x01227b72
                  0x01227b75
                  0x01227b81
                  0x01227b85
                  0x01227b87
                  0x00000000
                  0x00000000
                  0x01227b31
                  0x01227b34
                  0x01227b3c
                  0x01227b45
                  0x01227b46
                  0x01227b4f
                  0x01227b51
                  0x01227b57
                  0x01227b59
                  0x01227b59
                  0x00000000
                  0x01227b59
                  0x01227b77
                  0x00000000
                  0x01227b77
                  0x01227b2a
                  0x00000000
                  0x01227b2a
                  0x01227af1
                  0x01227af3
                  0x00000000
                  0x00000000
                  0x01227afb
                  0x01227afc
                  0x01227afe
                  0x00000000
                  0x00000000
                  0x01227b00
                  0x01227b03
                  0x00000000
                  0x00000000
                  0x01227b05
                  0x01227b09
                  0x01227b0d
                  0x01227b0f
                  0x00000000
                  0x00000000
                  0x01227b18
                  0x01227b1d
                  0x00000000
                  0x01227b1d
                  0x01227ab7
                  0x01227ab9
                  0x00000000
                  0x00000000
                  0x01227abf
                  0x01227ac1
                  0x00000000
                  0x00000000
                  0x01227ac3
                  0x01227ac6
                  0x00000000
                  0x00000000
                  0x01227ac8
                  0x01227acc
                  0x01227ad0
                  0x01227ad2
                  0x00000000
                  0x00000000
                  0x01227adb
                  0x00000000
                  0x01227adb
                  0x012279d6
                  0x012279d9
                  0x012279dc
                  0x01227a91
                  0x01227a94
                  0x00000000
                  0x01227a94
                  0x012279e2
                  0x00000000
                  0x012279e2
                  0x01227a74
                  0x01227a7a
                  0x00000000
                  0x00000000
                  0x01227a8a
                  0x01227a21
                  0x01227a21
                  0x00000000
                  0x01227a21
                  0x011bc650
                  0x011bc651
                  0x011bc656
                  0x011bc65c
                  0x011bc65d
                  0x011bc663
                  0x011bc664
                  0x011bc66a
                  0x011bc66e
                  0x012279c5
                  0x012279c7
                  0x00000000
                  0x012279c7
                  0x011bc67a
                  0x00000000
                  0x00000000
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2e970cd8e649051e3dfd315384967095082a8c4694b52121c98dcddf0be5a2c6
                  • Instruction ID: 861d5dada13650bff8ca168576c6ba898a993fa9e843808605db2dd3e30ae499
                  • Opcode Fuzzy Hash: 2e970cd8e649051e3dfd315384967095082a8c4694b52121c98dcddf0be5a2c6
                  • Instruction Fuzzy Hash: E7819675668312ABDB25CE58C481B6FB7E4EBA4364F14482EEE459B241E330DD40C791
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01236DC9 Relevance: .2, Instructions: 199COMMON
                  Download Yara Rule
                  C-Code - Quality: 79%
                  			E01236DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L011D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E01236B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E011D7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E011F9AE0();
					_t87 = L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0123795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0123795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0123795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0123795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L011D4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E01236B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E01236B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E01236B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E01236B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E011D7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E011F9AE0();
								L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L011D2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L011D2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L011D2400( &_v52);
							}
							if(_v28 >= 0) {
								return L011D2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                  0x01236dd4
                  0x01236dde
                  0x01236de1
                  0x01236de3
                  0x01236de6
                  0x01236de9
                  0x01236dec
                  0x01236def
                  0x01236df2
                  0x01236df5
                  0x01236dfe
                  0x01236e04
                  0x01236e09
                  0x01236e0d
                  0x01236e18
                  0x01236e1b
                  0x01236e22
                  0x01236e2d
                  0x01236e30
                  0x01236e36
                  0x01236e42
                  0x01236e4d
                  0x01236e50
                  0x01236e55
                  0x01236e5c
                  0x01236e6e
                  0x01236e5e
                  0x01236e67
                  0x01236e67
                  0x01236e73
                  0x01236e74
                  0x01236e77
                  0x01236e7c
                  0x01236e7d
                  0x01236e8e
                  0x01236e93
                  0x01236e9c
                  0x01236ea8
                  0x01236eab
                  0x01236eac
                  0x01236eb3
                  0x01236ecd
                  0x01236edc
                  0x01236ee2
                  0x01236ee5
                  0x01236ef2
                  0x01236efb
                  0x01236f01
                  0x01236f06
                  0x01236f0b
                  0x01236f11
                  0x01236f1a
                  0x01236f22
                  0x01236f26
                  0x01236f26
                  0x01236f33
                  0x01236f41
                  0x01236f44
                  0x01236f47
                  0x01236f54
                  0x01236f65
                  0x01236f77
                  0x01236f7c
                  0x01236f82
                  0x01236f91
                  0x01236f99
                  0x01236fa3
                  0x01236fae
                  0x01236fae
                  0x01236fba
                  0x01236fbb
                  0x01236fbc
                  0x01236fc1
                  0x01236fc2
                  0x01236fd3
                  0x01236fd8
                  0x01236fd8
                  0x01236fdf
                  0x01236fe8
                  0x01236fee
                  0x01236fee
                  0x01236ff5
                  0x01236ffb
                  0x01236ffb
                  0x01237004
                  0x00000000
                  0x0123700a
                  0x01237004
                  0x01236eb3
                  0x01236e9c
                  0x01237015

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                  • Instruction ID: 99e432c48d0396be81105dc1d88c929c6c36643034cd071157741e0a865f920f
                  • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                  • Instruction Fuzzy Hash: 4C718FB1A1061AEFCB15DFA8C984EEEBBB9FF88314F104169E505E7250D734AA41CB90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0124B8D0 Relevance: .2, Instructions: 199COMMON
                  Download Yara Rule
                  C-Code - Quality: 39%
                  			E0124B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x12a7b9c; // 0x0
				_t124 = L011D4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E011F9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E011F95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E011F95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L011D77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E011F9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E011F95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x12a7b9c; // 0x0
									_t92 = L011D4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E011F9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E011BA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0124E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0124E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E011F95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                  0x0124b8d9
                  0x0124b8e4
                  0x00000000
                  0x0124b8e6
                  0x0124b8f3
                  0x0124b8f5
                  0x0124b8f5
                  0x0124b8f8
                  0x0124b920
                  0x0124b924
                  0x0124b936
                  0x0124b939
                  0x0124b93d
                  0x0124b948
                  0x0124b9a0
                  0x0124b9a0
                  0x0124b9a4
                  0x0124b9bf
                  0x0124b9c4
                  0x0124b9c6
                  0x0124b9cd
                  0x0124b9d1
                  0x0124bad4
                  0x0124bad8
                  0x0124bada
                  0x0124badc
                  0x0124badc
                  0x0124badf
                  0x0124bae0
                  0x0124bae2
                  0x0124bae4
                  0x0124baec
                  0x0124baee
                  0x0124baf0
                  0x0124baf0
                  0x0124baec
                  0x0124bafb
                  0x0124bafc
                  0x0124bafe
                  0x0124bb01
                  0x0124bb01
                  0x00000000
                  0x0124bb06
                  0x0124b9d7
                  0x0124b9db
                  0x0124b9db
                  0x0124b9de
                  0x0124b9de
                  0x0124b9e4
                  0x0124b9e7
                  0x0124b9ea
                  0x0124b9ec
                  0x0124b9ef
                  0x0124b9f3
                  0x0124ba1b
                  0x0124ba1b
                  0x0124ba23
                  0x0124ba24
                  0x0124ba27
                  0x0124ba2a
                  0x0124ba2b
                  0x0124ba2e
                  0x0124ba30
                  0x0124ba37
                  0x0124ba3f
                  0x0124ba9c
                  0x0124baa2
                  0x0124bb13
                  0x0124bb15
                  0x0124baae
                  0x0124baae
                  0x0124bab3
                  0x0124bab5
                  0x0124baba
                  0x0124bac8
                  0x0124bac8
                  0x0124baba
                  0x0124bacd
                  0x0124bacf
                  0x00000000
                  0x0124bacf
                  0x0124bb1a
                  0x00000000
                  0x0124bb1c
                  0x0124baa7
                  0x0124bb11
                  0x00000000
                  0x0124bb11
                  0x0124baa9
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0124ba41
                  0x0124ba41
                  0x0124ba41
                  0x0124ba58
                  0x0124ba5d
                  0x0124ba62
                  0x00000000
                  0x00000000
                  0x0124ba64
                  0x0124ba67
                  0x0124ba68
                  0x0124ba69
                  0x0124ba6c
                  0x0124ba6f
                  0x0124ba71
                  0x0124ba78
                  0x0124ba80
                  0x00000000
                  0x00000000
                  0x0124ba90
                  0x0124ba90
                  0x0124ba97
                  0x00000000
                  0x0124ba97
                  0x0124b9f5
                  0x0124b9f7
                  0x0124b9f7
                  0x0124b9fa
                  0x0124ba03
                  0x0124ba07
                  0x0124ba0c
                  0x0124ba10
                  0x0124ba17
                  0x00000000
                  0x0124b9f7
                  0x0124b9a6
                  0x0124b9a8
                  0x0124b9af
                  0x0124b9b3
                  0x00000000
                  0x00000000
                  0x0124b9b9
                  0x00000000
                  0x0124b9b9
                  0x0124b94d
                  0x0124b98f
                  0x0124b995
                  0x0124b999
                  0x0124b960
                  0x0124b967
                  0x0124b968
                  0x0124b96a
                  0x00000000
                  0x0124b96a
                  0x0124b99b
                  0x0124b99e
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0124b99e
                  0x0124b951
                  0x0124b954
                  0x0124b95a
                  0x0124b95e
                  0x0124b972
                  0x0124b979
                  0x0124b97d
                  0x0124b97f
                  0x0124b980
                  0x0124b982
                  0x0124b984
                  0x00000000
                  0x0124b984
                  0x00000000
                  0x0124b926
                  0x00000000
                  0x0124b926

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 09729920ca8257df8aa08c937bd91a06111e29272e7f38c2784d6df07892ef88
                  • Instruction ID: 147a76375f2335a4603a2c8401c0b8f004c01b462b4f876f3eaaa437478b3d01
                  • Opcode Fuzzy Hash: 09729920ca8257df8aa08c937bd91a06111e29272e7f38c2784d6df07892ef88
                  • Instruction Fuzzy Hash: B3712232220706AFE73ADF28C845F66BBA5FF44724F154928E755876A0EB75E940CB40
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011B52A5 Relevance: .2, Instructions: 161COMMON
                  Download Yara Rule
                  C-Code - Quality: 78%
                  			E011B52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E011CEEF0(0x12a79a0);
					_t104 =  *0x12a8210; // 0xc82c90
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E011CEB70(_t93, 0x12a79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E011F9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E011CEEF0(0x12a79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E011CEB70(0, 0x12a79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0xc82c9d
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E011EF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E011CEEF0(0x12a79a0);
									__eflags =  *0x12a8210 - _t104; // 0xc82c90
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x12a8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E01234888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E011CEB70(_t95, 0x12a79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E011F95D0();
											L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E011F95D0();
											L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E011CEB70(_t93, 0x12a79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E011F95D0();
										L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E011F95D0();
										L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E011EF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                  0x011b52a5
                  0x011b52ad
                  0x011b52b0
                  0x011b52b3
                  0x011b52b7
                  0x011b52ba
                  0x011b52bf
                  0x011b52c4
                  0x011b52cc
                  0x00000000
                  0x00000000
                  0x011b52ce
                  0x011b52d9
                  0x011b52dd
                  0x011b52e7
                  0x011b52f7
                  0x011b52f9
                  0x011b52fd
                  0x01210dcf
                  0x01210dd5
                  0x01210dd6
                  0x01210dd7
                  0x01210dd8
                  0x01210dd9
                  0x01210dde
                  0x01210ddf
                  0x01210de0
                  0x01210de1
                  0x01210de2
                  0x01210de5
                  0x01210dea
                  0x01210dec
                  0x01210f60
                  0x01210f64
                  0x01210f70
                  0x01210f76
                  0x01210f79
                  0x01210f79
                  0x00000000
                  0x01210f64
                  0x01210df2
                  0x01210df7
                  0x01210e04
                  0x01210e0d
                  0x01210e0d
                  0x01210e10
                  0x01210e1a
                  0x01210e1c
                  0x01210e4c
                  0x01210e52
                  0x01210e61
                  0x01210e67
                  0x01210e6b
                  0x01210e70
                  0x01210e76
                  0x01210ed7
                  0x01210edc
                  0x01210ee0
                  0x01210ee6
                  0x01210eea
                  0x01210eed
                  0x01210ef0
                  0x01210ef3
                  0x01210ef6
                  0x01210ef9
                  0x01210efe
                  0x01210f01
                  0x01210f01
                  0x01210f0b
                  0x01210f12
                  0x01210f16
                  0x01210f18
                  0x01210f1b
                  0x01210f2c
                  0x01210f31
                  0x01210f31
                  0x01210f35
                  0x01210f39
                  0x01210f3a
                  0x01210f3c
                  0x01210f3f
                  0x01210f50
                  0x01210f55
                  0x01210f55
                  0x01210f59
                  0x011b52eb
                  0x011b52f1
                  0x011b52f1
                  0x01210e7d
                  0x01210e84
                  0x01210e88
                  0x01210e8a
                  0x01210e8d
                  0x01210e9e
                  0x01210ea3
                  0x01210ea3
                  0x01210ea7
                  0x01210eaf
                  0x01210eb3
                  0x01210eb9
                  0x01210eb9
                  0x01210ebc
                  0x01210ecd
                  0x01210ecd
                  0x00000000
                  0x01210eb3
                  0x01210e21
                  0x01210e2b
                  0x01210e2f
                  0x01210e30
                  0x01210e3a
                  0x01210e3f
                  0x01210e41
                  0x00000000
                  0x00000000
                  0x01210e47
                  0x00000000
                  0x01210e47
                  0x01210df9
                  0x01210dfe
                  0x00000000
                  0x00000000
                  0x00000000
                  0x01210dfe
                  0x011b5303
                  0x011b5307
                  0x00000000
                  0x011b5309
                  0x00000000
                  0x011b5309
                  0x011b5307
                  0x011b52e9
                  0x011b52e9
                  0x00000000
                  0x011b52e9
                  0x011b530e
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5ee782fd1f51961633e36457b755cd0617a58e343fdc57646a0a5f6c06d3c364
                  • Instruction ID: b9da90fa00012a31bee1be839a49fa43f69302142c321c23267ed4d0c7a63808
                  • Opcode Fuzzy Hash: 5ee782fd1f51961633e36457b755cd0617a58e343fdc57646a0a5f6c06d3c364
                  • Instruction Fuzzy Hash: 3B51EB31146742ABD329EF28C885B6BBBE5FF64718F14081EF58583651E770E844CBA6
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E2AE4 Relevance: .2, Instructions: 159COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011E2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x12a8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x12a8208; // 0x12a8207
				_t8 = _t57 + 0x12a8208; // 0x12a8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x12a8450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x12a821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x12a6d5c; // 0x7f2b0654
							_t72 =  *0x12a6d5c; // 0x7f2b0654
							_t75 =  *0x12a6d5c; // 0x7f2b0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x12a6d5c; // 0x7f2b0654
							_t84 =  *0x12a6d5c; // 0x7f2b0654
							_t87 =  *0x12a6d5c; // 0x7f2b0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E011FF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                  0x011e2ae4
                  0x011e2aec
                  0x011e2aef
                  0x011e2af4
                  0x011e2af7
                  0x011e2afd
                  0x011e2b92
                  0x011e2b92
                  0x011e2b97
                  0x011e2b9c
                  0x011e2b9c
                  0x011e2b03
                  0x011e2b06
                  0x011e2b09
                  0x011e2b09
                  0x011e2b0f
                  0x011e2b15
                  0x011e2b15
                  0x011e2b1b
                  0x011e2b1e
                  0x011e2b21
                  0x011e2b26
                  0x011e2b29
                  0x011e2b81
                  0x011e2b84
                  0x011e2c0e
                  0x011e2c15
                  0x011e2c24
                  0x011e2c24
                  0x011e2b8a
                  0x011e2b8a
                  0x011e2b8a
                  0x011e2b8a
                  0x011e2b90
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011e2b4a
                  0x011e2b4a
                  0x011e2b4d
                  0x011e2b53
                  0x00000000
                  0x00000000
                  0x011e2b55
                  0x011e2b58
                  0x011e2bb7
                  0x01225d1b
                  0x01225d37
                  0x01225d47
                  0x01225d53
                  0x011e2bbd
                  0x011e2bbd
                  0x011e2bbd
                  0x011e2bb7
                  0x011e2b5d
                  0x011e2c2f
                  0x01225d5b
                  0x01225d77
                  0x01225d87
                  0x01225d93
                  0x011e2c35
                  0x011e2c35
                  0x011e2c35
                  0x011e2c2f
                  0x011e2b65
                  0x011e2b9f
                  0x011e2ba2
                  0x011e2b67
                  0x011e2b67
                  0x011e2b69
                  0x011e2b6b
                  0x011e2b6e
                  0x011e2bc9
                  0x011e2bcc
                  0x011e2bcf
                  0x011e2bd4
                  0x011e2bd6
                  0x011e2bd6
                  0x011e2bdb
                  0x011e2c02
                  0x011e2c05
                  0x011e2c07
                  0x00000000
                  0x011e2c07
                  0x011e2be0
                  0x011e2c00
                  0x011e2c3f
                  0x011e2c3f
                  0x00000000
                  0x011e2c00
                  0x011e2be5
                  0x011e2be7
                  0x011e2bec
                  0x011e2bf4
                  0x011e2bf6
                  0x00000000
                  0x011e2bf6
                  0x011e2b70
                  0x011e2b76
                  0x011e2b2b
                  0x011e2b2b
                  0x011e2b2d
                  0x011e2b2f
                  0x011e2b32
                  0x011e2b35
                  0x011e2b3a
                  0x00000000
                  0x011e2b40
                  0x011e2b43
                  0x011e2b45
                  0x011e2b47
                  0x011e2b4a
                  0x011e2b4d
                  0x011e2b53
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011e2b53
                  0x011e2b78
                  0x011e2b78
                  0x011e2b7b
                  0x011e2b7e
                  0x00000000
                  0x011e2b7e
                  0x011e2b76
                  0x011e2ba5
                  0x011e2ba5
                  0x011e2ba8
                  0x011e2bad
                  0x00000000
                  0x00000000
                  0x011e2baf
                  0x011e2baf
                  0x011e2bc2
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8e5d0fd4ca1a98018fc34195704fff8176cf018fe0af534fd46e5f007d525113
                  • Instruction ID: edae9c8727bb78313ee149bb9992ff5792cea9807d4c25ec3e5cc55c0ac93cf6
                  • Opcode Fuzzy Hash: 8e5d0fd4ca1a98018fc34195704fff8176cf018fe0af534fd46e5f007d525113
                  • Instruction Fuzzy Hash: 4A51B476B009258FCB1CCF9CC8A89BDB7F5FB8870071A845AE8469B315D734AE51CB91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011DDBE9 Relevance: .1, Instructions: 149COMMON
                  Download Yara Rule
                  C-Code - Quality: 86%
                  			E011DDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E011BCC50(E011B4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E011D7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E01288ED6(_t102, _t98);
						}
						_t76 = _v44;
						E011D2280(_t58, _v44);
						E011DDD82(_v44, _t102, _t98);
						E011DB944(_t102, _v5);
						return E011CFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x12a8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x12a862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x12a8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x12a862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x127fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                  0x011ddbe9
                  0x011ddbf2
                  0x011ddbf7
                  0x011ddbf9
                  0x011ddbfc
                  0x011ddc00
                  0x011ddc03
                  0x011ddc14
                  0x011ddd54
                  0x011ddd54
                  0x011ddd54
                  0x011ddc18
                  0x011ddc1d
                  0x011ddc1d
                  0x011ddc32
                  0x011ddc3b
                  0x011ddc3e
                  0x011ddc46
                  0x011ddd5b
                  0x011ddd62
                  0x011ddd64
                  0x011ddd67
                  0x011ddd69
                  0x011ddd6b
                  0x011ddd6e
                  0x011ddd70
                  0x011ddd73
                  0x011ddd73
                  0x00000000
                  0x011ddc4c
                  0x011ddc4e
                  0x01223ae3
                  0x01223ae8
                  0x01223aea
                  0x011ddce7
                  0x011ddce9
                  0x011ddcec
                  0x011ddcee
                  0x011ddcf0
                  0x011ddcf3
                  0x011ddcf5
                  0x01223af2
                  0x01223af5
                  0x01223af5
                  0x011ddd06
                  0x011ddd08
                  0x011ddd0b
                  0x011ddd12
                  0x01223b08
                  0x011ddd18
                  0x011ddd18
                  0x011ddd18
                  0x011ddd20
                  0x011ddd23
                  0x01223b16
                  0x01223b16
                  0x011ddd29
                  0x011ddd2d
                  0x011ddd36
                  0x011ddd40
                  0x011ddd51
                  0x011ddd51
                  0x011ddc54
                  0x011ddc59
                  0x011ddc59
                  0x011ddc5e
                  0x011ddc5e
                  0x011ddc63
                  0x011ddc66
                  0x011ddc6b
                  0x011ddc78
                  0x011ddc7b
                  0x011ddc81
                  0x011ddc81
                  0x011ddc83
                  0x011ddc89
                  0x00000000
                  0x00000000
                  0x011ddd7b
                  0x011ddd7b
                  0x011ddc8f
                  0x011ddc8f
                  0x011ddc92
                  0x011ddc99
                  0x011ddc9f
                  0x011ddca5
                  0x011ddcaa
                  0x011ddcaa
                  0x011ddcb3
                  0x011ddcb8
                  0x011ddcbb
                  0x011ddcc1
                  0x011ddccf
                  0x011ddcd2
                  0x011ddcd5
                  0x011ddcd7
                  0x011ddcda
                  0x011ddcdc
                  0x011ddcdc
                  0x011ddce2
                  0x011ddce4
                  0x00000000
                  0x011ddce4

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b289a6044682149f3667ae0f64b801292cf6ba98fbd367a4f2954e7a9fb81a50
                  • Instruction ID: f68fff4f094fd31e7573a1204ce8ccffd96d9a3cc745aebf8214f5306d24f74a
                  • Opcode Fuzzy Hash: b289a6044682149f3667ae0f64b801292cf6ba98fbd367a4f2954e7a9fb81a50
                  • Instruction Fuzzy Hash: 8151CE71E00616DFCF18CFA8D480AAEFBF5BF48310F25815AD555A7384EB34A944CB91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011CEF40 Relevance: .1, Instructions: 147COMMON
                  Download Yara Rule
                  C-Code - Quality: 96%
                  			E011CEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E011B9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x7738c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E011B2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                  0x011cef4b
                  0x011cef4d
                  0x011cef57
                  0x011cf0bd
                  0x011cf0c2
                  0x011cf0d2
                  0x011cf0d2
                  0x011cf0c2
                  0x011cef5d
                  0x011cef5f
                  0x011cef67
                  0x011cef6a
                  0x011cef6d
                  0x011cef74
                  0x011cef7f
                  0x011cef82
                  0x011cef82
                  0x011cef86
                  0x011cef88
                  0x011cef8c
                  0x011cef8f
                  0x011cef8f
                  0x011cef8f
                  0x00000000
                  0x011cef91
                  0x011cef93
                  0x011cefc4
                  0x011cefc4
                  0x011cefc4
                  0x011cefca
                  0x011cefd0
                  0x011cf0a6
                  0x00000000
                  0x00000000
                  0x011cf0af
                  0x0121bb06
                  0x0121bb0a
                  0x011cf0b5
                  0x011cf0b5
                  0x011cf0b5
                  0x011cf0b5
                  0x00000000
                  0x011cefd6
                  0x011cefd9
                  0x011cf0de
                  0x011cf0e2
                  0x011cefdf
                  0x011cefdf
                  0x011cefdf
                  0x011cefe5
                  0x0121bafc
                  0x0121bafc
                  0x011cefe5
                  0x011cefeb
                  0x011cefed
                  0x011cf00f
                  0x011cf011
                  0x011cf01a
                  0x011cf01d
                  0x011cf021
                  0x011cf028
                  0x011cf029
                  0x011cf029
                  0x011cf02c
                  0x00000000
                  0x011cf02c
                  0x011ceff3
                  0x011ceff9
                  0x011cf0ea
                  0x011cf0ed
                  0x011cf0ef
                  0x00000000
                  0x011cf0ef
                  0x011cf003
                  0x0121bb12
                  0x011cf045
                  0x011cf049
                  0x011cf051
                  0x011cf09e
                  0x011cf0a0
                  0x011cf0a0
                  0x011cf09e
                  0x011cf053
                  0x011cf064
                  0x011cf064
                  0x011cf06b
                  0x0121bb1a
                  0x0121bb1a
                  0x011cf071
                  0x011cf071
                  0x011cf07d
                  0x011cf082
                  0x011cf08f
                  0x011cf08f
                  0x011cf009
                  0x011cf00d
                  0x00000000
                  0x011cf00d
                  0x011cefd0
                  0x011cef97
                  0x011cefa5
                  0x011cefaa
                  0x00000000
                  0x011cefac
                  0x011cefac
                  0x011cefac
                  0x00000000
                  0x011cefb2
                  0x011cf036
                  0x011cf03a
                  0x011cf040
                  0x011cf090
                  0x00000000
                  0x011cf092
                  0x011cf042
                  0x00000000
                  0x011cf042
                  0x011cefb7
                  0x011cefb9
                  0x011cefbc
                  0x011cefb0
                  0x011cefb0
                  0x00000000
                  0x011cefbe
                  0x011cefbe
                  0x011cefc1
                  0x00000000
                  0x011cefc1
                  0x011cefbc
                  0x011cefaa
                  0x011cef91

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                  • Instruction ID: 8ba4fe5af93e9266d8d94d5fadd8a6f5e905cbe5b2416ef8b7a3aca666961457
                  • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                  • Instruction Fuzzy Hash: CC511630A0524ADFEB2DCB68C0C07AEBFF3AF25B14F1481ACC54557282C375A99AC752
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0128740D Relevance: .1, Instructions: 141COMMON
                  Download Yara Rule
                  C-Code - Quality: 84%
                  			E0128740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0120D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E011FF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L011D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L011D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E011FF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L011D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                  0x0128740d
                  0x0128740d
                  0x01287412
                  0x01287413
                  0x01287416
                  0x01287418
                  0x0128741c
                  0x0128741f
                  0x01287422
                  0x01287422
                  0x01287428
                  0x0128742a
                  0x0128742a
                  0x01287451
                  0x01287432
                  0x0128744f
                  0x0128744f
                  0x00000000
                  0x01287434
                  0x01287438
                  0x01287443
                  0x01287517
                  0x01287517
                  0x0128751a
                  0x01287535
                  0x01287520
                  0x01287527
                  0x0128752c
                  0x01287531
                  0x01287533
                  0x00000000
                  0x01287533
                  0x00000000
                  0x01287531
                  0x0128754b
                  0x0128754f
                  0x0128755c
                  0x0128755c
                  0x0128755f
                  0x01287560
                  0x01287561
                  0x01287562
                  0x01287563
                  0x01287568
                  0x0128756a
                  0x0128756c
                  0x0128756d
                  0x0128756d
                  0x0128756f
                  0x01287572
                  0x01287574
                  0x01287577
                  0x0128757c
                  0x0128757f
                  0x00000000
                  0x01287551
                  0x01287551
                  0x01287551
                  0x01287553
                  0x01287553
                  0x01287449
                  0x01287449
                  0x0128744c
                  0x0128744c
                  0x00000000
                  0x0128744c
                  0x01287443
                  0x0128750e
                  0x01287514
                  0x01287514
                  0x01287455
                  0x01287469
                  0x0128746d
                  0x00000000
                  0x01287473
                  0x01287473
                  0x01287476
                  0x01287480
                  0x01287484
                  0x0128748e
                  0x01287493
                  0x01287493
                  0x01287496
                  0x01287499
                  0x012874a1
                  0x012874b1
                  0x012874b5
                  0x00000000
                  0x012874bb
                  0x012874c1
                  0x012874c1
                  0x012874c4
                  0x012874c5
                  0x012874c6
                  0x012874c7
                  0x012874c8
                  0x012874cd
                  0x00000000
                  0x012874d3
                  0x012874d3
                  0x012874d6
                  0x012874d8
                  0x012874db
                  0x012874dd
                  0x012874e0
                  0x012874e7
                  0x012874ee
                  0x012874ee
                  0x012874f4
                  0x012874f9
                  0x00000000
                  0x012874fb
                  0x012874fb
                  0x012874fd
                  0x01287500
                  0x01287503
                  0x01287505
                  0x01287505
                  0x012874f9
                  0x00000000
                  0x012874cd
                  0x012874b5
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                  • Instruction ID: 5755d0db0165249b03d298792319fc4d478a684fe2f54aa3316a5c66f4aeb8c0
                  • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                  • Instruction Fuzzy Hash: F351AE71611646EFDB16DF18D480A96BBB5FF45304F24C0BAEA089F252E371E946CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E2990 Relevance: .1, Instructions: 133COMMON
                  Download Yara Rule
                  C-Code - Quality: 97%
                  			E011E2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x128ff00);
				E0120D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1191664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E011FE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1191668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E012351BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x119166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E011E2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E011C6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E011E2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E011CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E011E2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E011E2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E011E2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0120D0D1(_t62);
				goto L28;
			}





















                  0x011e2990
                  0x011e2992
                  0x011e2997
                  0x011e29a3
                  0x011e29a6
                  0x011e29ab
                  0x011e29ad
                  0x011e29b2
                  0x01225c80
                  0x011e29b8
                  0x011e29b8
                  0x011e29bb
                  0x011e29c0
                  0x011e29c5
                  0x011e29c6
                  0x011e29c6
                  0x011e29cb
                  0x00000000
                  0x00000000
                  0x011e29cd
                  0x011e29d0
                  0x011e29d9
                  0x011e29db
                  0x011e29dd
                  0x011e2a7f
                  0x011e2a84
                  0x011e2a87
                  0x011e2a89
                  0x01225ca1
                  0x01225ca3
                  0x00000000
                  0x011e2a8f
                  0x011e2a8f
                  0x00000000
                  0x011e2a8f
                  0x00000000
                  0x011e29e3
                  0x011e29e3
                  0x011e29e3
                  0x00000000
                  0x011e29e3
                  0x011e29dd
                  0x00000000
                  0x011e29db
                  0x011e29e6
                  0x011e29e9
                  0x011e29eb
                  0x011e29ed
                  0x011e29f3
                  0x011e29f5
                  0x011e29f8
                  0x011e29fa
                  0x011e2a97
                  0x011e2a9a
                  0x011e2a9d
                  0x011e2add
                  0x00000000
                  0x011e2a9f
                  0x011e2aa2
                  0x011e2aa5
                  0x011e2aa8
                  0x011e2aab
                  0x01225cab
                  0x01225caf
                  0x01225cc5
                  0x01225cda
                  0x01225cdc
                  0x01225cdf
                  0x01225ce5
                  0x00000000
                  0x01225ceb
                  0x01225ced
                  0x01225cee
                  0x00000000
                  0x01225cee
                  0x01225cb1
                  0x01225cb4
                  0x01225cb9
                  0x01225cbb
                  0x00000000
                  0x01225cbd
                  0x01225cbd
                  0x00000000
                  0x01225cbd
                  0x01225cbb
                  0x011e2ab1
                  0x011e2ab1
                  0x011e2ac4
                  0x011e2ac6
                  0x011e2ac6
                  0x00000000
                  0x011e2ac6
                  0x011e2aab
                  0x00000000
                  0x011e2a00
                  0x011e2a09
                  0x011e2a0e
                  0x011e2a21
                  0x011e2a24
                  0x011e2a35
                  0x011e2a3a
                  0x011e2a3d
                  0x011e2a42
                  0x011e2a59
                  0x011e2a59
                  0x011e2a5c
                  0x011e2a5f
                  0x011e2a5f
                  0x011e29fa
                  0x011e29f3
                  0x011e2a64
                  0x011e2a64
                  0x011e2a6b
                  0x011e2a6b
                  0x011e2a6d
                  0x011e2a72
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5b1c2edead7cb39c142acf13a5e7d3e9610dbd2c69c5753d00a30ca591dc7e57
                  • Instruction ID: 7551a8a242c95d31f88c471540d692ae29b0aa5a293b72ea03a448af9c99669d
                  • Opcode Fuzzy Hash: 5b1c2edead7cb39c142acf13a5e7d3e9610dbd2c69c5753d00a30ca591dc7e57
                  • Instruction Fuzzy Hash: 70519E3190061AEFDF29CF98C854AEEBBB9BF88354F158119F9146B260D7358D52CF90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E4D3B Relevance: .1, Instructions: 131COMMON
                  Download Yara Rule
                  C-Code - Quality: 78%
                  			E011E4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x12ad360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E011FFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x12a7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E011FB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L011D4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E011BCCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E011FB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E011FF380(_t67 + 0xc, 0x1195138, 0x10) == 0) {
								 *0x12a60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E011E4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E011E4E70(0x12a86b0, 0x11e5690, 0, 0) != 0) {
					_t46 = E011BCCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                  0x011e4d3b
                  0x011e4d4d
                  0x011e4d53
                  0x011e4d58
                  0x011e4d65
                  0x011e4d6c
                  0x011e4d71
                  0x011e4d77
                  0x011e4d7f
                  0x011e4d8c
                  0x011e4d8e
                  0x011e4dad
                  0x011e4db0
                  0x011e4db7
                  0x011e4db8
                  0x011e4db9
                  0x011e4dba
                  0x011e4dbb
                  0x011e4dc1
                  0x011e4dc8
                  0x011e4dcc
                  0x011e4dd5
                  0x011e4dde
                  0x011e4ddf
                  0x011e4de0
                  0x011e4de1
                  0x011e4de6
                  0x011e4de7
                  0x011e4de9
                  0x011e4df3
                  0x00000000
                  0x00000000
                  0x01226c7c
                  0x01226c8a
                  0x01226c8a
                  0x01226c9d
                  0x01226ca7
                  0x01226cac
                  0x01226cb2
                  0x01226cb9
                  0x00000000
                  0x01226cbf
                  0x01226cbf
                  0x00000000
                  0x01226cbf
                  0x01226cb9
                  0x011e4dfb
                  0x01226ccf
                  0x01226cd3
                  0x011e4e32
                  0x011e4e39
                  0x01226ce0
                  0x01226cf2
                  0x01226cf2
                  0x01226ce0
                  0x011e4e3f
                  0x011e4e41
                  0x011e4e51
                  0x011e4e51
                  0x011e4e03
                  0x011e4e03
                  0x011e4e09
                  0x011e4e0f
                  0x011e4e57
                  0x00000000
                  0x00000000
                  0x011e4e1b
                  0x011e4e30
                  0x011e4e5b
                  0x011e4e5b
                  0x00000000
                  0x011e4e30
                  0x011e4e11
                  0x011e4e11
                  0x011e4e16
                  0x00000000
                  0x011e4e16
                  0x011e4e01
                  0x00000000
                  0x011e4e01
                  0x011e4da5
                  0x01226c6b
                  0x00000000
                  0x011e4dab
                  0x011e4dab
                  0x00000000
                  0x011e4dab

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 315506ef6472abc40ce04e77eaaca6f940d4ee05ee31db510d8d2715cc10932b
                  • Instruction ID: 92d78243f918d542505de0074e161d9314a03a68badf56053186b65b4789f12f
                  • Opcode Fuzzy Hash: 315506ef6472abc40ce04e77eaaca6f940d4ee05ee31db510d8d2715cc10932b
                  • Instruction Fuzzy Hash: 22410871A44728AFEB3ADF54CC88FAAB7E9EB54714F000099E905D7681D774DD40CB91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E4BAD Relevance: .1, Instructions: 131COMMON
                  Download Yara Rule
                  C-Code - Quality: 85%
                  			E011E4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x12ad360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E011BCC50(_t86);
					L11:
					return E011FB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x12a8504
				E011D2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E011FFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E011FB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L011D4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E011BCCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x12a8504
								E011CFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E011E4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                  0x011e4bad
                  0x011e4bbf
                  0x011e4bc2
                  0x011e4bc6
                  0x011e4bcd
                  0x011e4bd9
                  0x012267fe
                  0x01226800
                  0x011e4ccc
                  0x011e4ccd
                  0x011e4cb7
                  0x011e4cc9
                  0x011e4cc9
                  0x011e4bdf
                  0x011e4be5
                  0x00000000
                  0x00000000
                  0x011e4beb
                  0x011e4bef
                  0x00000000
                  0x00000000
                  0x011e4bf5
                  0x011e4bf9
                  0x011e4c06
                  0x011e4c0b
                  0x011e4c17
                  0x011e4c1c
                  0x011e4c1f
                  0x011e4c25
                  0x011e4c33
                  0x011e4c3d
                  0x011e4c40
                  0x011e4c43
                  0x011e4c47
                  0x011e4c4d
                  0x011e4c53
                  0x011e4c54
                  0x011e4c55
                  0x011e4c56
                  0x011e4c5b
                  0x011e4c5c
                  0x011e4c63
                  0x011e4c6b
                  0x00000000
                  0x00000000
                  0x01226776
                  0x01226784
                  0x01226784
                  0x0122679f
                  0x012267a7
                  0x012267af
                  0x012267ce
                  0x00000000
                  0x012267b1
                  0x012267b7
                  0x012267b8
                  0x012267c1
                  0x012267d3
                  0x012267d9
                  0x012267dd
                  0x011e4c94
                  0x011e4c94
                  0x011e4c98
                  0x011e4c9c
                  0x011e4ca3
                  0x012267f4
                  0x012267f4
                  0x011e4cb5
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011e4cb5
                  0x011e4c79
                  0x011e4c7e
                  0x011e4c89
                  0x011e4c8b
                  0x011e4c8f
                  0x011e4c8f
                  0x00000000
                  0x011e4c89
                  0x012267c3
                  0x00000000
                  0x012267c3
                  0x012267af
                  0x011e4c73
                  0x00000000
                  0x00000000
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a4839f1c8335cadea8d1044befddffc9b0bc5bf72ffb9c5c7504124d17fca78a
                  • Instruction ID: 744f0524a2bec73dab28c1809b661c46dd5fbad863694dbac1aeb775e005d40d
                  • Opcode Fuzzy Hash: a4839f1c8335cadea8d1044befddffc9b0bc5bf72ffb9c5c7504124d17fca78a
                  • Instruction Fuzzy Hash: CE41E736A00629ABDB29DF68C944BEE77F4EF55700F0104A5EA08EB641DB74DE80CB95
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011C8A0A Relevance: .1, Instructions: 120COMMON
                  Download Yara Rule
                  C-Code - Quality: 94%
                  			E011C8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x12ad360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E011FB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E011CE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x1191180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E011E1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E011F3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E011C8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                  0x011c8a0a
                  0x011c8a1c
                  0x011c8a23
                  0x011c8a2e
                  0x011c8a30
                  0x011c8a36
                  0x011c8a3c
                  0x011c8a3e
                  0x011c8a4a
                  0x011c8a52
                  0x011c8a9c
                  0x011c8aae
                  0x011c8a58
                  0x011c8a5e
                  0x011c8a6a
                  0x011c8a6f
                  0x011c8a75
                  0x011c8a7d
                  0x011c8a85
                  0x011c8a86
                  0x011c8a89
                  0x011c8a93
                  0x011c8a99
                  0x011c8a9b
                  0x00000000
                  0x011c8aaf
                  0x011c8abe
                  0x011c8ac3
                  0x011c8acb
                  0x011c8ad7
                  0x011c8ae0
                  0x011c8af1
                  0x00000000
                  0x011c8af1
                  0x011c8acd
                  0x011c8ad5
                  0x011c8afb
                  0x011c8afd
                  0x011c8aff
                  0x011c8b07
                  0x011c8b22
                  0x011c8b24
                  0x011c8b2a
                  0x011c8b2e
                  0x011c8b3f
                  0x011c8b78
                  0x011c8b41
                  0x011c8b52
                  0x011c8b54
                  0x011c8b5c
                  0x011c8b74
                  0x011c8b74
                  0x011c8b5c
                  0x011c8b3f
                  0x011c8b5e
                  0x011c8b61
                  0x011c8b64
                  0x011c8b64
                  0x011c8b6c
                  0x011c8b6c
                  0x011c8b11
                  0x01219cd5
                  0x01219cd5
                  0x011c8b17
                  0x011c8b1a
                  0x011c8b1a
                  0x00000000
                  0x011c8ad5
                  0x011c8a89

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 14a6b8142f5f98baff0b3a45550b9263ac9709ce0195638f8e0abfdbc0b00021
                  • Instruction ID: d97b81c6c6ad46766031ff6af345897bdcb2c4c39a12c059d2cb9b840a1c92a1
                  • Opcode Fuzzy Hash: 14a6b8142f5f98baff0b3a45550b9263ac9709ce0195638f8e0abfdbc0b00021
                  • Instruction Fuzzy Hash: C24160B4A0022D9BDB28DF59C8C8BA9B7F4FB64700F1145EAD91997252E770DE80CF60
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 012369A6 Relevance: .1, Instructions: 108COMMON
                  Download Yara Rule
                  C-Code - Quality: 69%
                  			E012369A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x12ad360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L011C6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E01236BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E011F9980() >= 0) {
							E011D2280(_t56, 0x12a8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x12a8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x12a8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E011BB6F0(0x119c338, 0x119c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E011F9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E011F95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E011CFFB0(_t68, _t77, 0x12a8778);
				}
				_pop(_t78);
				return E011FB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                  0x012369b5
                  0x012369be
                  0x012369c3
                  0x012369c9
                  0x012369cc
                  0x012369d1
                  0x012369d3
                  0x012369de
                  0x012369e1
                  0x012369ea
                  0x012369f6
                  0x012369fe
                  0x01236a13
                  0x01236a14
                  0x01236a15
                  0x01236a16
                  0x01236a1e
                  0x01236a26
                  0x01236a31
                  0x01236a36
                  0x01236a37
                  0x01236a40
                  0x01236a49
                  0x01236a4a
                  0x01236a53
                  0x01236a59
                  0x01236a5d
                  0x01236a5e
                  0x01236a64
                  0x01236a67
                  0x01236a6a
                  0x01236a6d
                  0x01236a70
                  0x01236a77
                  0x01236a7d
                  0x01236a86
                  0x01236a89
                  0x01236a9c
                  0x01236a9f
                  0x01236aa2
                  0x01236aa5
                  0x01236aaf
                  0x01236ab1
                  0x01236ab8
                  0x01236ab9
                  0x01236abb
                  0x01236abe
                  0x01236ac5
                  0x01236ac5
                  0x01236aaf
                  0x01236a40
                  0x01236a26
                  0x012369fe
                  0x01236ace
                  0x01236ad0
                  0x01236ad3
                  0x01236ad8
                  0x01236adf
                  0x01236adf
                  0x01236ae8
                  0x01236aef
                  0x01236aef
                  0x01236af9
                  0x01236b06

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3651046514608e9ee2eb646ccb10efd9b70ff9d33f51a565daa11e067fc01c68
                  • Instruction ID: 1eaed248358ea63d97d5607866b6f20d5d6e562bb725231c42c03980e3031d48
                  • Opcode Fuzzy Hash: 3651046514608e9ee2eb646ccb10efd9b70ff9d33f51a565daa11e067fc01c68
                  • Instruction Fuzzy Hash: AD415EB1D00209AFDB18DFA9D940BFEBBF9EF48714F14812AEA14A7250DB749906CB51
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011B5210 Relevance: .1, Instructions: 107COMMON
                  Download Yara Rule
                  C-Code - Quality: 85%
                  			E011B5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E011B52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E011F95D0();
							L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E011CEB70(_t54, 0x12a79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E011F95D0();
								L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E011CEB70(_t54, 0x12a79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E011FF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E011CEB70(_t54, 0x12a79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E011F95D0();
							L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                  0x011b5220
                  0x011b5224
                  0x01210d13
                  0x01210d16
                  0x01210d19
                  0x011b522a
                  0x011b522a
                  0x011b522d
                  0x011b522d
                  0x011b5231
                  0x011b5235
                  0x011b5239
                  0x01210d5c
                  0x01210d62
                  0x00000000
                  0x00000000
                  0x01210d6a
                  0x01210d7b
                  0x01210d7f
                  0x01210d81
                  0x01210d84
                  0x01210d95
                  0x01210d95
                  0x01210d6c
                  0x01210d71
                  0x01210d71
                  0x01210d9a
                  0x00000000
                  0x011b524a
                  0x011b524a
                  0x011b5250
                  0x01210d24
                  0x01210d35
                  0x01210d39
                  0x01210d3b
                  0x01210d3e
                  0x01210d50
                  0x01210d50
                  0x01210d26
                  0x01210d2b
                  0x01210d2b
                  0x00000000
                  0x01210d55
                  0x011b5256
                  0x011b525b
                  0x011b5265
                  0x01210da7
                  0x011b526b
                  0x011b526e
                  0x011b5272
                  0x01210db1
                  0x01210db4
                  0x01210dc5
                  0x01210dc5
                  0x011b5272
                  0x011b5278
                  0x011b527e
                  0x011b528a
                  0x011b528c
                  0x011b528d
                  0x00000000
                  0x011b5280
                  0x011b5282
                  0x011b5288
                  0x011b529f
                  0x011b5292
                  0x00000000
                  0x011b5292
                  0x00000000
                  0x011b5288
                  0x011b527e

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4b3b68d5729e1255827e97e80845261addc95265162e68c9fe245eb40ed82faf
                  • Instruction ID: 2c39190dbfc40eec02448f4cc5a6051ef2c168916179c8a493fac054882c55e9
                  • Opcode Fuzzy Hash: 4b3b68d5729e1255827e97e80845261addc95265162e68c9fe245eb40ed82faf
                  • Instruction Fuzzy Hash: 69315931262602DFC72AEF18C881F7A7BB6FF30764F51462AF5150B1A4D770E841C695
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F3D43 Relevance: .1, Instructions: 106COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011F3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E011C7B60(0, _t61, 0x11911c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E011C7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L011D4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                  0x011f3d4c
                  0x011f3d50
                  0x011f3d55
                  0x011f3d5e
                  0x0122e79a
                  0x00000000
                  0x0122e79a
                  0x011f3d68
                  0x0122e789
                  0x011f3d9d
                  0x011f3da3
                  0x011f3daf
                  0x011f3db5
                  0x011f3dbc
                  0x011f3dc4
                  0x011f3dc9
                  0x011f3dce
                  0x0122e7ae
                  0x0122e7ae
                  0x011f3dde
                  0x011f3de2
                  0x011f3de7
                  0x011f3e0d
                  0x011f3e13
                  0x011f3e16
                  0x011f3e1e
                  0x011f3e25
                  0x011f3e28
                  0x00000000
                  0x00000000
                  0x011f3e2a
                  0x011f3e2f
                  0x011f3e37
                  0x011f3e37
                  0x00000000
                  0x011f3e37
                  0x011f3e31
                  0x00000000
                  0x011f3e31
                  0x011f3e20
                  0x011f3e20
                  0x011f3e35
                  0x00000000
                  0x011f3de9
                  0x011f3de9
                  0x011f3de9
                  0x011f3dee
                  0x011f3dfd
                  0x011f3dff
                  0x011f3e02
                  0x011f3e05
                  0x011f3e05
                  0x00000000
                  0x011f3df0
                  0x011f3de7
                  0x0122e78f
                  0x0122e794
                  0x011f3d79
                  0x011f3d84
                  0x011f3d89
                  0x011f3d8e
                  0x00000000
                  0x0122e7a4
                  0x011f3d96
                  0x011f3d9a
                  0x00000000
                  0x011f3d9a
                  0x00000000
                  0x0122e794
                  0x011f3d6e
                  0x011f3d73
                  0x00000000
                  0x0122e7b5
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 23f16684644280205e89238a3532b6b2f732d00ff6a532282be2d8a2f3364397
                  • Instruction ID: f210863ca1a7753a08362a1565d618d656a64b9c0029a89dcd4a1078db4b4216
                  • Opcode Fuzzy Hash: 23f16684644280205e89238a3532b6b2f732d00ff6a532282be2d8a2f3364397
                  • Instruction Fuzzy Hash: FC31DE31A21621DBD72D8F2DC841A7EBBE5FF55700B06806EEA59CB391E730D841C791
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011EA61C Relevance: .1, Instructions: 106COMMON
                  Download Yara Rule
                  C-Code - Quality: 78%
                  			E011EA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x1290220);
				E0120D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x12a7b9c; // 0x0
				_t55 = L011D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0120D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x12a7b10 =  *0x12a7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x12a536c; // 0x77495368
					if( *_t51 != 0x12a5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x12a5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x12a536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E011EA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                  0x011ea61c
                  0x011ea61e
                  0x011ea623
                  0x011ea628
                  0x011ea62b
                  0x011ea62d
                  0x011ea648
                  0x011ea64a
                  0x011ea64f
                  0x01229b44
                  0x011ea6ec
                  0x011ea6f1
                  0x011ea6f1
                  0x011ea655
                  0x011ea657
                  0x011ea65a
                  0x011ea65d
                  0x011ea662
                  0x011ea663
                  0x011ea667
                  0x011ea668
                  0x011ea66d
                  0x011ea706
                  0x011ea706
                  0x01229bda
                  0x01229be6
                  0x01229beb
                  0x00000000
                  0x01229beb
                  0x011ea679
                  0x01229b7a
                  0x00000000
                  0x01229b7a
                  0x011ea683
                  0x011ea6f4
                  0x011ea6f7
                  0x011ea6f9
                  0x011ea6fd
                  0x011ea6a0
                  0x011ea6a0
                  0x011ea6ad
                  0x011ea6af
                  0x011ea6b4
                  0x01229ba7
                  0x01229bac
                  0x00000000
                  0x00000000
                  0x01229bc6
                  0x01229bce
                  0x01229bd1
                  0x01229bd3
                  0x01229bd3
                  0x00000000
                  0x01229bd1
                  0x011ea6bd
                  0x011ea6c3
                  0x011ea6c6
                  0x011ea6d2
                  0x011ea701
                  0x011ea704
                  0x00000000
                  0x011ea704
                  0x011ea6d4
                  0x011ea6d6
                  0x011ea6d9
                  0x011ea6db
                  0x011ea6e1
                  0x011ea6e6
                  0x011ea6e8
                  0x011ea6e8
                  0x011ea6ea
                  0x00000000
                  0x011ea6ea
                  0x011ea688
                  0x011ea692
                  0x011ea694
                  0x011ea699
                  0x00000000
                  0x00000000
                  0x011ea69d
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 25d0af1bcaaafe15ffd5f30f3d1518af76acefa2288beccf11a2970d5804c4c1
                  • Instruction ID: 9837fa4fd25f783bada2ccba8d86779645e939e770ae59f60a4ebc37ffe95b43
                  • Opcode Fuzzy Hash: 25d0af1bcaaafe15ffd5f30f3d1518af76acefa2288beccf11a2970d5804c4c1
                  • Instruction Fuzzy Hash: 9541BAB5A50619EFCF18CF98D894BADBBF1BF89304F1580A9EA04AB344D375A940CF50
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011DC182 Relevance: .1, Instructions: 104COMMON
                  Download Yara Rule
                  C-Code - Quality: 68%
                  			E011DC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E011D7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01288D34(_v8, _t80);
					}
					E011D2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E011CFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01288833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E011CFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E011FB180();
						if(_a4 != 0) {
							E011D2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E011DBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E011DBB2D(_t16, _t15);
						E011DB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E011CFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E011CFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E011CFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                  0x011dc18d
                  0x011dc18f
                  0x011dc191
                  0x011dc19b
                  0x011dc1a0
                  0x011dc1d4
                  0x011dc1de
                  0x01222d6e
                  0x011dc1e4
                  0x011dc1e4
                  0x011dc1e4
                  0x011dc1ec
                  0x01222d7d
                  0x01222d7d
                  0x011dc1f3
                  0x011dc1ff
                  0x01222d88
                  0x01222d8d
                  0x01222d94
                  0x01222d94
                  0x01222d9f
                  0x01222da4
                  0x01222dab
                  0x01222db0
                  0x01222db2
                  0x01222db3
                  0x01222db4
                  0x01222dbc
                  0x01222dc3
                  0x01222dc3
                  0x011dc205
                  0x011dc205
                  0x011dc208
                  0x011dc20e
                  0x011dc211
                  0x011dc216
                  0x011dc219
                  0x011dc21f
                  0x011dc222
                  0x011dc22c
                  0x011dc234
                  0x011dc23a
                  0x011dc23f
                  0x011dc245
                  0x011dc24b
                  0x011dc251
                  0x011dc25a
                  0x011dc276
                  0x011dc27d
                  0x011dc27d
                  0x011dc25c
                  0x011dc25c
                  0x00000000
                  0x011dc25e
                  0x011dc1a4
                  0x011dc1aa
                  0x011dc1b3
                  0x011dc265
                  0x011dc26c
                  0x011dc26c
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                  • Instruction ID: 72a8450f0b72003d32d9a5f77359d53d16f1dcedceeeac905e4a05ce9d021875
                  • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                  • Instruction Fuzzy Hash: AF314672A0558BFED70DEBB4C480BE9FB55BF62208F08415ED51C47241DB396A0ACBE6
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01237016 Relevance: .1, Instructions: 104COMMON
                  Download Yara Rule
                  C-Code - Quality: 76%
                  			E01237016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x12ad360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E01236B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E01236B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E011D7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E011F9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E011FB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L011D4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                  0x01237016
                  0x0123701e
                  0x0123702b
                  0x01237033
                  0x01237037
                  0x0123703c
                  0x0123703e
                  0x01237041
                  0x01237045
                  0x0123704a
                  0x01237050
                  0x01237055
                  0x0123705a
                  0x01237062
                  0x01237062
                  0x0123705a
                  0x01237064
                  0x01237064
                  0x01237067
                  0x01237071
                  0x01237096
                  0x0123709b
                  0x012370a2
                  0x012370a6
                  0x012370a7
                  0x012370ad
                  0x012370b3
                  0x012370b6
                  0x012370bb
                  0x012370c3
                  0x012370c3
                  0x012370c6
                  0x012370cd
                  0x012370dd
                  0x012370e0
                  0x012370e2
                  0x012370e2
                  0x012370ee
                  0x01237101
                  0x012370f0
                  0x012370f9
                  0x012370f9
                  0x0123710a
                  0x0123710e
                  0x01237112
                  0x01237117
                  0x01237118
                  0x01237118
                  0x012370bb
                  0x0123711d
                  0x01237123
                  0x01237131
                  0x01237131
                  0x01237136
                  0x0123713d
                  0x0123713e
                  0x0123713f
                  0x0123714a
                  0x0123714a
                  0x01237084
                  0x01237088
                  0x00000000
                  0x0123708e
                  0x0123708e
                  0x01237092
                  0x00000000
                  0x01237092

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 17a73229894a0733a118cdc3513374a74013bfd7ce3b816c4f8ab29f4cf4a666
                  • Instruction ID: 9435aeaa5e89c6cb89be4cd9a21902fef1b8e83c3dd3bb3d83d1aec4dea036b0
                  • Opcode Fuzzy Hash: 17a73229894a0733a118cdc3513374a74013bfd7ce3b816c4f8ab29f4cf4a666
                  • Instruction Fuzzy Hash: F131E4B26147529BC724DF28C840A6AB7E9FFC8700F044A2DFA9597690E730E904CBA5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F6DE6 Relevance: .1, Instructions: 101COMMON
                  Download Yara Rule
                  C-Code - Quality: 86%
                  			E011F6DE6(signed int __ecx, void* __edx, signed int _a4, intOrPtr* _a8, intOrPtr* _a12) {
				intOrPtr _v8;
				intOrPtr _t39;
				intOrPtr _t52;
				intOrPtr _t53;
				signed int _t59;
				signed int _t63;
				intOrPtr _t64;
				intOrPtr* _t66;
				void* _t68;
				intOrPtr _t69;
				signed int _t73;
				signed int _t75;
				intOrPtr _t77;
				signed int _t80;
				intOrPtr _t82;

				_t68 = __edx;
				_push(__ecx);
				_t80 = __ecx;
				_t75 = _a4;
				if(__edx >  *((intOrPtr*)(__ecx + 0x90))) {
					L23:
					asm("lock inc dword [esi+0x110]");
					if(( *(_t80 + 0xd4) & 0x00010000) != 0) {
						asm("lock inc dword [ecx+eax+0x4]");
					}
					_t39 = 0;
					L13:
					return _t39;
				}
				_t63 =  *(__ecx + 0x88);
				_t4 = _t68 + 7; // 0xa
				_t69 =  *((intOrPtr*)(__ecx + 0x8c));
				_t59 = _t4 & 0xfffffff8;
				_v8 = _t69;
				if(_t75 >= _t63) {
					_t75 = _t75 % _t63;
					L15:
					_t69 = _v8;
				}
				_t64 =  *((intOrPtr*)(_t80 + 0x17c + _t75 * 4));
				if(_t64 == 0) {
					L14:
					if(E011F6EBE(_t80, _t64, _t75) != 1) {
						goto L23;
					}
					goto L15;
				}
				asm("lock inc dword [ecx+0xc]");
				if( *((intOrPtr*)(_t64 + 0x2c)) != 1 ||  *((intOrPtr*)(_t64 + 8)) > _t69) {
					goto L14;
				} else {
					_t73 = _t59;
					asm("lock xadd [eax], edx");
					if(_t73 + _t59 > _v8) {
						if(_t73 <= _v8) {
							 *(_t64 + 4) = _t73;
						}
						goto L14;
					}
					_t77 = _t73 + _t64;
					_v8 = _t77;
					 *_a12 = _t64;
					_t66 = _a8;
					if(_t66 == 0) {
						L12:
						_t39 = _t77;
						goto L13;
					}
					_t52 =  *((intOrPtr*)(_t80 + 0x10));
					if(_t52 != 0) {
						_t53 = _t52 - 1;
						if(_t53 == 0) {
							asm("rdtsc");
							 *_t66 = _t53;
							L11:
							 *(_t66 + 4) = _t73;
							goto L12;
						}
						E011E6A60(_t66);
						goto L12;
					}
					while(1) {
						_t73 =  *0x7ffe0018;
						_t82 =  *0x7FFE0014;
						if(_t73 ==  *0x7FFE001C) {
							break;
						}
						asm("pause");
					}
					_t66 = _a8;
					_t77 = _v8;
					 *_t66 = _t82;
					goto L11;
				}
			}


















                  0x011f6de6
                  0x011f6dee
                  0x011f6df1
                  0x011f6df4
                  0x011f6dfd
                  0x012305d3
                  0x012305d3
                  0x012305e4
                  0x012305f9
                  0x012305f9
                  0x012305fe
                  0x011f6e96
                  0x011f6e9c
                  0x011f6e9c
                  0x011f6e03
                  0x011f6e09
                  0x011f6e0c
                  0x011f6e12
                  0x011f6e15
                  0x011f6e1b
                  0x012305a1
                  0x011f6eb1
                  0x011f6eb1
                  0x011f6eb1
                  0x011f6e21
                  0x011f6e2a
                  0x011f6e9f
                  0x011f6eab
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011f6eab
                  0x011f6e2c
                  0x011f6e34
                  0x00000000
                  0x011f6e3d
                  0x011f6e3d
                  0x011f6e42
                  0x011f6e4d
                  0x012305ac
                  0x012305b2
                  0x012305b2
                  0x00000000
                  0x012305ac
                  0x011f6e56
                  0x011f6e59
                  0x011f6e5d
                  0x011f6e5f
                  0x011f6e64
                  0x011f6e94
                  0x011f6e94
                  0x00000000
                  0x011f6e94
                  0x011f6e6a
                  0x011f6e6d
                  0x012305ba
                  0x012305bd
                  0x012305ca
                  0x012305cc
                  0x011f6e91
                  0x011f6e91
                  0x00000000
                  0x011f6e91
                  0x012305c0
                  0x00000000
                  0x012305c0
                  0x011f6e7e
                  0x011f6e7e
                  0x011f6e80
                  0x011f6e86
                  0x00000000
                  0x00000000
                  0x011f6eba
                  0x011f6eba
                  0x011f6e88
                  0x011f6e8b
                  0x011f6e8f
                  0x00000000
                  0x011f6e8f

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8f5923ccfc62e11761a64181f477a9fcd764954153fe337c5a9bd4bea8846838
                  • Instruction ID: 86d2d3e2bfb505a72c0e22c727e28cfa73d784e026ba340e31c3af514ba27381
                  • Opcode Fuzzy Hash: 8f5923ccfc62e11761a64181f477a9fcd764954153fe337c5a9bd4bea8846838
                  • Instruction Fuzzy Hash: C131B272204215DFC72DCF29C480AAAB7A6FFC5314B15C95EE65A8B252DB31F802CB95
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011EA70E Relevance: .1, Instructions: 96COMMON
                  Download Yara Rule
                  C-Code - Quality: 92%
                  			E011EA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x12a7b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x12a7b10 = 8;
					 *0x12a7b14 = 0x12a7b0c;
					 *0x12a7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E011EA990(0x12a7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L011EA840(__edx, __ecx, __ecx, _t52, 0x12a7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x12a7b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x12a7b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x12a7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L011D4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x12a7b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E011FF3E0(_t50,  *0x12a7b14, _t8 >> 3);
						_t28 =  *0x12a7b14; // 0x0
						__eflags = _t28 - 0x12a7b0c;
						if(_t28 != 0x12a7b0c) {
							L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x12a7b14 = _t50;
						_t48 = _v12;
						 *0x12a7b10 = _t9;
						goto L6;
					}
					 *0x12a7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                  0x011ea713
                  0x011ea714
                  0x011ea717
                  0x011ea71d
                  0x011ea720
                  0x011ea722
                  0x011ea727
                  0x011ea74a
                  0x011ea754
                  0x011ea75e
                  0x011ea768
                  0x011ea76a
                  0x011ea773
                  0x011ea78b
                  0x011ea790
                  0x011ea792
                  0x011ea741
                  0x011ea741
                  0x011ea743
                  0x011ea749
                  0x011ea749
                  0x011ea732
                  0x011ea73a
                  0x011ea797
                  0x011ea79d
                  0x011ea7a3
                  0x011ea7a9
                  0x011ea7b6
                  0x011ea7bc
                  0x011ea7ca
                  0x011ea7e0
                  0x011ea7e2
                  0x011ea7e4
                  0x01229bf2
                  0x00000000
                  0x01229bf2
                  0x011ea7ed
                  0x011ea7f2
                  0x011ea800
                  0x011ea805
                  0x011ea80d
                  0x011ea812
                  0x01229c08
                  0x01229c08
                  0x011ea818
                  0x011ea81b
                  0x011ea821
                  0x011ea824
                  0x00000000
                  0x011ea824
                  0x011ea7ae
                  0x00000000
                  0x011ea7ae
                  0x011ea73c
                  0x011ea73e
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 470fcc9927d1e4f2551a3995efe78da436fe6859e85c96fc375b03a163b08fba
                  • Instruction ID: 2e9834b707bbf37f2128ab407f68d6728e220e9bbb9593f893cfd09e84d793a5
                  • Opcode Fuzzy Hash: 470fcc9927d1e4f2551a3995efe78da436fe6859e85c96fc375b03a163b08fba
                  • Instruction Fuzzy Hash: BE31E4F1650A019FC729CF48F888F59BBF9FB84710F950D59E20587244E7729905CB96
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E61A0 Relevance: .1, Instructions: 93COMMON
                  Download Yara Rule
                  C-Code - Quality: 97%
                  			E011E61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E011E5E50(0x11967cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01289D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E011BF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                  0x011e61b3
                  0x011e61b5
                  0x011e61bd
                  0x011e61c3
                  0x011e61c7
                  0x011e61d2
                  0x011e61ff
                  0x011e61ff
                  0x011e6201
                  0x011e6207
                  0x011e6207
                  0x011e61d4
                  0x011e61d9
                  0x00000000
                  0x00000000
                  0x011e61df
                  0x011e61e2
                  0x00000000
                  0x00000000
                  0x011e61e6
                  0x011e61e8
                  0x011e61ee
                  0x011e61ee
                  0x011e61f9
                  0x0122762f
                  0x01227632
                  0x01227635
                  0x01227639
                  0x01227640
                  0x0122766e
                  0x01227675
                  0x00000000
                  0x00000000
                  0x01227681
                  0x01227689
                  0x0122768d
                  0x01227691
                  0x01227695
                  0x01227699
                  0x012276af
                  0x012276b5
                  0x012276b7
                  0x012276b7
                  0x012276d7
                  0x012276dc
                  0x00000000
                  0x012276dc
                  0x012276a2
                  0x012276a9
                  0x01227651
                  0x01227653
                  0x01227653
                  0x01227656
                  0x01227656
                  0x00000000
                  0x01227656
                  0x01227644
                  0x01227646
                  0x01227648
                  0x01227648
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 067deeb0f53d13dcf03e2932cdac971491db24bb5e225989a6f69bc0b46e17d1
                  • Instruction ID: 9f502c3d366eb868c52a294f5b1ecd7793e9a52ec74a10c66102d4f8ebfd5241
                  • Opcode Fuzzy Hash: 067deeb0f53d13dcf03e2932cdac971491db24bb5e225989a6f69bc0b46e17d1
                  • Instruction Fuzzy Hash: 4F31EF716187129FE324CF4DC804B2ABBE4FFA8B00F04486DEA8897351E7B0E840CB91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011BAA16 Relevance: .1, Instructions: 93COMMON
                  Download Yara Rule
                  C-Code - Quality: 95%
                  			E011BAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x12ad360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x12a7b9c; // 0x0
					_t53 = L011D4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E011FB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E011FF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L011C6C59(_t53, _t51, _t58) != 0) {
							_t28 = E011E5E50(0x119c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E011EB230(_v32, _v28, 0x119c2d8, 1,  &_v24);
								_t28 = E011BF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                  0x011baa25
                  0x011baa29
                  0x011baa2d
                  0x011baa30
                  0x011baa37
                  0x011baa3c
                  0x01214458
                  0x01214458
                  0x01214472
                  0x01214474
                  0x01214476
                  0x011baa64
                  0x011baa74
                  0x0121447c
                  0x01214483
                  0x01214492
                  0x011baa52
                  0x011baa54
                  0x011baa5e
                  0x012144a8
                  0x012144ad
                  0x012144af
                  0x012144b6
                  0x012144b6
                  0x012144b9
                  0x012144bc
                  0x012144cd
                  0x012144d3
                  0x012144d6
                  0x012144e1
                  0x012144e1
                  0x012144e6
                  0x012144e8
                  0x012144fb
                  0x012144fb
                  0x012144e8
                  0x00000000
                  0x011baa5e
                  0x01214476
                  0x011baa42
                  0x011baa46
                  0x011baa48
                  0x011baa4c
                  0x00000000
                  0x00000000
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 71bcd71849009308d68fe3d7a2d70cb2b49043782290204743cefe5d5195b05e
                  • Instruction ID: a1a82c1e686189839a6d55281102456ab45d43e57fcfc316492a4c7c91d1bf85
                  • Opcode Fuzzy Hash: 71bcd71849009308d68fe3d7a2d70cb2b49043782290204743cefe5d5195b05e
                  • Instruction Fuzzy Hash: 6B31F772A0051AABCF19EFA8CD81ABFB7B9FF54704F414469F905EB240E7749911CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F8EC7 Relevance: .1, Instructions: 92COMMON
                  Download Yara Rule
                  C-Code - Quality: 93%
                  			E011F8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x12ad360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E011E4E70(0x12a86e4, 0x11f9490, 0, 0);
					if( *0x12a53e8 > 5 && E011F8F33(0x12a53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x12a53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x12a53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x119bc46;
						_t48 = E01237B9C(0x12a53e8, 0x119bc46, _t67, 0x12a53e8, _t70,  &_v140);
					}
				}
				return E011FB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                  0x011f8ec7
                  0x011f8ed9
                  0x011f8edc
                  0x011f8ee6
                  0x011f8ee9
                  0x011f8eee
                  0x011f8efc
                  0x011f8f08
                  0x01231349
                  0x01231353
                  0x0123135d
                  0x01231366
                  0x0123136f
                  0x01231375
                  0x0123137c
                  0x01231385
                  0x01231390
                  0x01231391
                  0x0123139c
                  0x0123139d
                  0x012313a6
                  0x012313ac
                  0x012313b2
                  0x012313b5
                  0x012313bc
                  0x012313bf
                  0x012313c2
                  0x012313c5
                  0x012313c8
                  0x012313cb
                  0x012313ce
                  0x012313d1
                  0x012313d4
                  0x012313d7
                  0x012313da
                  0x012313dd
                  0x012313e0
                  0x012313e3
                  0x012313e6
                  0x012313e9
                  0x012313f6
                  0x01231400
                  0x01231400
                  0x011f8f08
                  0x011f8f32

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5afe53c70288b950f969c97266a7aac244c5e357aabe9f3801af467dc46c1a58
                  • Instruction ID: 57594f3032c2cd5db9ecd75c5c84f21b20c490683af70ba9db9558247b7b9640
                  • Opcode Fuzzy Hash: 5afe53c70288b950f969c97266a7aac244c5e357aabe9f3801af467dc46c1a58
                  • Instruction Fuzzy Hash: 1941A1B1D002189FDB24CFAAD981AAEFBF4FB48710F5041AEE609A7200E7745A44CF51
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011EE730 Relevance: .1, Instructions: 89COMMON
                  Download Yara Rule
                  C-Code - Quality: 74%
                  			E011EE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E011F9670() < 0) {
					E0120DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x12a7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L011D4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M011EE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                  0x011ee730
                  0x011ee736
                  0x011ee738
                  0x011ee73d
                  0x011ee73e
                  0x011ee740
                  0x011ee749
                  0x011ee765
                  0x011ee76a
                  0x011ee76b
                  0x011ee76c
                  0x011ee76d
                  0x011ee76e
                  0x011ee76f
                  0x011ee775
                  0x011ee777
                  0x011ee77e
                  0x0122b675
                  0x011ee784
                  0x011ee784
                  0x011ee789
                  0x011ee7a8
                  0x011ee7ac
                  0x011ee807
                  0x011ee7ae
                  0x011ee7ae
                  0x011ee7b1
                  0x011ee7b4
                  0x011ee7b9
                  0x011ee7c0
                  0x011ee7c4
                  0x011ee7ca
                  0x011ee7cc
                  0x00000000
                  0x011ee7d3
                  0x011ee7d6
                  0x00000000
                  0x00000000
                  0x011ee7ff
                  0x011ee802
                  0x00000000
                  0x00000000
                  0x011ee7f9
                  0x011ee7fc
                  0x00000000
                  0x00000000
                  0x011ee7f3
                  0x011ee7f6
                  0x00000000
                  0x00000000
                  0x011ee7ed
                  0x011ee7f0
                  0x00000000
                  0x00000000
                  0x011ee7e7
                  0x011ee7ea
                  0x00000000
                  0x00000000
                  0x0122b685
                  0x0122b688
                  0x00000000
                  0x00000000
                  0x0122b682
                  0x00000000
                  0x00000000
                  0x011ee7cc
                  0x011ee7d9
                  0x011ee7dc
                  0x011ee7de
                  0x011ee7de
                  0x011ee7ac
                  0x011ee7e4
                  0x011ee74b
                  0x011ee751
                  0x011ee759
                  0x011ee761
                  0x011ee761

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 64259372f72f3e217665854b15b341a8fea444c0cb61b0392dc23a27bdeffddb
                  • Instruction ID: 22eba8a194c4f8847392c2907d05c0b7b3dbcb1ec91f4dd0c622a05ca23c3454
                  • Opcode Fuzzy Hash: 64259372f72f3e217665854b15b341a8fea444c0cb61b0392dc23a27bdeffddb
                  • Instruction Fuzzy Hash: A7315C75A54249AFD748CF98D845F9ABBE4FB09314F14826AFA04CB341E731ED80CBA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011EBC2C Relevance: .1, Instructions: 88COMMON
                  Download Yara Rule
                  C-Code - Quality: 67%
                  			E011EBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x12a6100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E011D2280(0xd, 0x5d3f1a0);
				_t41 =  *0x12a60f8; // 0x0
				if(_t41 != 0) {
					 *0x12a60f8 =  *_t41;
					 *0x12a60fc =  *0x12a60fc + 0xffff;
				}
				E011CFFB0(_t41, 0x800, 0x5d3f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x12a60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L011D4620(0x12a6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x12a6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                  0x011ebc36
                  0x011ebc42
                  0x011ebc45
                  0x011ebc4a
                  0x011ebd35
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011ebc50
                  0x011ebc50
                  0x011ebc58
                  0x011ebc5a
                  0x011ebc60
                  0x00000000
                  0x00000000
                  0x0122a4f2
                  0x0122a4f6
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0122a4fc
                  0x011ebc79
                  0x011ebc7e
                  0x011ebc86
                  0x011ebd16
                  0x011ebd20
                  0x011ebd20
                  0x011ebc8d
                  0x011ebc94
                  0x011ebcbd
                  0x011ebcca
                  0x011ebccb
                  0x011ebccc
                  0x011ebccd
                  0x011ebcce
                  0x011ebcd4
                  0x011ebcea
                  0x011ebcee
                  0x011ebcf2
                  0x011ebd00
                  0x011ebd04
                  0x00000000
                  0x011ebc96
                  0x011ebcab
                  0x011ebcaf
                  0x011ebd2c
                  0x011ebd2c
                  0x011ebd09
                  0x00000000
                  0x011ebd09
                  0x011ebcb1
                  0x011ebcb5
                  0x011ebcbb
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011ebcbb

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b2dd3f06869c5d9fb8f047d2ac5164625726205c4817ea65a404c64d456d5537
                  • Instruction ID: d20d03723a409783a3ee1b16b01b629ed2cc4d0549de23adeb166d9cefafb382
                  • Opcode Fuzzy Hash: b2dd3f06869c5d9fb8f047d2ac5164625726205c4817ea65a404c64d456d5537
                  • Instruction Fuzzy Hash: 1C313E32A08A069FCB26DF98E4C47AA77B0FF18314F490079ED05EB206EB35D9458B85
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011B9100 Relevance: .1, Instructions: 87COMMON
                  Download Yara Rule
                  C-Code - Quality: 76%
                  			E011B9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x128f6e8);
				E0120D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E012888F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0120D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x12a86c0; // 0xc807b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x12a86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E011D2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E012888F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E011FAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x12ab1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x12a84c0;
										if(_t69 >=  *0x12a84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01289063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E011B922A(_t82);
							_t53 = E011D7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01288B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x12a86c0; // 0xc807b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x12a86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x12a86bc;
										_t72 = 0x12a86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E011B9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x12a86c4;
									_t72 = 0x12a86c0;
									L18:
									E011E9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                  0x011b9100
                  0x011b9100
                  0x011b9100
                  0x011b9100
                  0x011b9102
                  0x011b9107
                  0x011b910c
                  0x011b9110
                  0x011b9115
                  0x011b9136
                  0x011b9143
                  0x012137e4
                  0x012137e4
                  0x011b9149
                  0x011b914e
                  0x011b914e
                  0x011b9117
                  0x011b911d
                  0x00000000
                  0x00000000
                  0x011b911f
                  0x011b9125
                  0x00000000
                  0x011b9151
                  0x011b9158
                  0x011b915d
                  0x011b9161
                  0x011b9168
                  0x01213715
                  0x00000000
                  0x011b916e
                  0x011b916e
                  0x011b9175
                  0x011b9177
                  0x011b917e
                  0x011b917f
                  0x011b9182
                  0x011b9182
                  0x011b9187
                  0x011b9187
                  0x011b918a
                  0x011b918d
                  0x011b918f
                  0x011b9192
                  0x011b9195
                  0x011b9198
                  0x011b9198
                  0x011b9198
                  0x011b919a
                  0x00000000
                  0x00000000
                  0x0121371f
                  0x01213721
                  0x01213727
                  0x0121372f
                  0x01213733
                  0x01213735
                  0x01213738
                  0x0121373b
                  0x0121373d
                  0x01213740
                  0x00000000
                  0x00000000
                  0x01213746
                  0x01213749
                  0x00000000
                  0x00000000
                  0x0121374f
                  0x01213751
                  0x00000000
                  0x00000000
                  0x01213757
                  0x01213759
                  0x0121375c
                  0x0121375c
                  0x0121375e
                  0x0121375e
                  0x01213761
                  0x01213764
                  0x00000000
                  0x00000000
                  0x01213766
                  0x01213768
                  0x012137a3
                  0x012137a3
                  0x012137a5
                  0x012137a7
                  0x012137ad
                  0x012137b0
                  0x012137b2
                  0x012137bc
                  0x012137c2
                  0x012137c2
                  0x012137b2
                  0x011b9187
                  0x011b9187
                  0x011b918a
                  0x011b918d
                  0x011b918f
                  0x011b9192
                  0x011b9195
                  0x00000000
                  0x011b9195
                  0x00000000
                  0x011b9187
                  0x0121376a
                  0x0121376a
                  0x0121376c
                  0x0121376c
                  0x0121376f
                  0x01213775
                  0x00000000
                  0x00000000
                  0x01213777
                  0x01213779
                  0x00000000
                  0x00000000
                  0x01213782
                  0x01213787
                  0x01213789
                  0x01213790
                  0x01213790
                  0x0121378b
                  0x0121378b
                  0x0121378b
                  0x01213792
                  0x01213795
                  0x01213795
                  0x01213798
                  0x01213798
                  0x0121379b
                  0x0121379b
                  0x011b91a3
                  0x011b91a9
                  0x011b91b0
                  0x011b91b4
                  0x011b91b4
                  0x011b91bb
                  0x011b91c0
                  0x011b91c5
                  0x011b91c7
                  0x012137da
                  0x011b91cd
                  0x011b91cd
                  0x011b91cd
                  0x011b91d2
                  0x011b91d5
                  0x011b9239
                  0x011b9239
                  0x011b91d7
                  0x011b91db
                  0x011b91e1
                  0x011b91e7
                  0x011b91fd
                  0x011b9203
                  0x011b921e
                  0x011b9223
                  0x00000000
                  0x011b9223
                  0x011b9205
                  0x011b9208
                  0x011b920c
                  0x011b9214
                  0x011b9214
                  0x011b91e9
                  0x011b91e9
                  0x011b91ee
                  0x011b91f3
                  0x011b91f3
                  0x011b91f3
                  0x011b91e7
                  0x00000000
                  0x011b91db
                  0x011b9187
                  0x011b9168

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8f83fd75e7fc5b53422b23aaaab643c8163192e8d6b76ce6a4ae46c8a383c807
                  • Instruction ID: 23ec0e0d82c965364ebf548aa44dfc3c7d680acc24b67ffb8cdfc4d627cb3606
                  • Opcode Fuzzy Hash: 8f83fd75e7fc5b53422b23aaaab643c8163192e8d6b76ce6a4ae46c8a383c807
                  • Instruction Fuzzy Hash: AD31C5B5A11249DFEB2ADF6CC0C87ECBBF1BB58328F58814DC61467281C334A981DB51
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E1DB5 Relevance: .1, Instructions: 87COMMON
                  Download Yara Rule
                  C-Code - Quality: 60%
                  			E011E1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E011DF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L011D4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E011DF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                  0x011e1dc2
                  0x011e1dc5
                  0x011e1dc7
                  0x011e1dcc
                  0x011e1dce
                  0x011e1dd6
                  0x011e1ddf
                  0x011e1de0
                  0x011e1de1
                  0x011e1de5
                  0x011e1de8
                  0x011e1def
                  0x011e1df0
                  0x011e1df6
                  0x011e1df7
                  0x011e1dfe
                  0x011e1e1a
                  0x00000000
                  0x00000000
                  0x011e1e0b
                  0x011e1e12
                  0x011e1e12
                  0x011e1e00
                  0x011e1e00
                  0x011e1e05
                  0x011e1e1e
                  0x011e1e23
                  0x0122570f
                  0x01225713
                  0x00000000
                  0x00000000
                  0x01225719
                  0x01225719
                  0x011e1e2c
                  0x011e1e2d
                  0x011e1e2e
                  0x011e1e2f
                  0x011e1e31
                  0x011e1e32
                  0x011e1e35
                  0x011e1e3d
                  0x01225723
                  0x0122573d
                  0x0122573d
                  0x00000000
                  0x01225723
                  0x011e1e49
                  0x011e1e4e
                  0x011e1e4e
                  0x011e1e09
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                  • Instruction ID: 4b85dd92eeb76c6ce6d64771587db47d73b865629ce6928030166510d27d36d7
                  • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                  • Instruction Fuzzy Hash: 61217C72600529FFD72ACF99CC84EAABBB9EF85744F154055FA05A7250D734AE01CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01236C0A Relevance: .1, Instructions: 79COMMON
                  Download Yara Rule
                  C-Code - Quality: 77%
                  			E01236C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E011D7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x12a7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L011D4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E011FF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E011D7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E011F9AE0();
						_t23 = L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                  0x01236c0a
                  0x01236c0f
                  0x01236c10
                  0x01236c13
                  0x01236c15
                  0x01236c19
                  0x01236c1c
                  0x01236c21
                  0x01236c28
                  0x01236c3a
                  0x01236c2a
                  0x01236c33
                  0x01236c33
                  0x01236c3f
                  0x01236c48
                  0x01236c4d
                  0x01236c60
                  0x01236c65
                  0x01236c69
                  0x01236c73
                  0x01236c79
                  0x01236c7f
                  0x01236c86
                  0x01236c90
                  0x01236c94
                  0x01236ca6
                  0x01236cb2
                  0x01236cbd
                  0x01236cbd
                  0x01236cc3
                  0x01236cc7
                  0x01236ccb
                  0x01236cd0
                  0x01236cd1
                  0x01236ce2
                  0x01236ce2
                  0x01236c69
                  0x01236ced

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3ecd02fcf0ddca03c52439c54e97d9a4ccfa97cd72a9850bf0627696b739357b
                  • Instruction ID: f0699c9992ea157079daf556782a4a8994eb6394d9c2a40fbd56e7df11f538de
                  • Opcode Fuzzy Hash: 3ecd02fcf0ddca03c52439c54e97d9a4ccfa97cd72a9850bf0627696b739357b
                  • Instruction Fuzzy Hash: 14219AB2A10645BBD715DB68D884F2AB7A8FF48708F140069FA04C7B90D734EE10CBA8
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F90AF Relevance: .1, Instructions: 76COMMON
                  Download Yara Rule
                  C-Code - Quality: 82%
                  			E011F90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0120D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E011EE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L011D4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E011FF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E011EA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                  0x011f90af
                  0x011f90b8
                  0x011f90bb
                  0x011f90bf
                  0x011f90c2
                  0x011f90c2
                  0x011f90c8
                  0x011f90cb
                  0x011f90cd
                  0x012314d7
                  0x012314eb
                  0x012314eb
                  0x00000000
                  0x012314eb
                  0x012314db
                  0x012314e6
                  0x00000000
                  0x012314f2
                  0x012314e8
                  0x00000000
                  0x012314e8
                  0x011f90d8
                  0x011f90da
                  0x011f90dd
                  0x011f90e5
                  0x00000000
                  0x011f9139
                  0x011f90fa
                  0x011f90fe
                  0x011f9142
                  0x00000000
                  0x011f9142
                  0x011f9104
                  0x011f9107
                  0x011f910b
                  0x011f9110
                  0x011f9118
                  0x011f9147
                  0x011f9148
                  0x011f914f
                  0x011f9150
                  0x011f9151
                  0x011f9152
                  0x011f9156
                  0x011f915d
                  0x011f9160
                  0x011f9168
                  0x011f916c
                  0x011f91bc
                  0x011f91be
                  0x00000000
                  0x011f91be
                  0x011f916e
                  0x011f9173
                  0x011f9176
                  0x00000000
                  0x00000000
                  0x011f917c
                  0x011f9180
                  0x011f91b5
                  0x00000000
                  0x011f91b5
                  0x011f9182
                  0x011f9185
                  0x011f9189
                  0x00000000
                  0x00000000
                  0x011f918e
                  0x011f9190
                  0x011f9198
                  0x00000000
                  0x00000000
                  0x011f91a0
                  0x00000000
                  0x011f91ad
                  0x011f91ad
                  0x011f91b0
                  0x011f91b1
                  0x00000000
                  0x011f9185
                  0x011f911a
                  0x011f911c
                  0x011f911f
                  0x011f9125
                  0x011f9127
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                  • Instruction ID: 657c10d6693d486f0773377e99fa70a585a0d64f8dbb878c43a311d43164b527
                  • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                  • Instruction Fuzzy Hash: 7E217F71A00309EFDB25EF59C844EAAFBF8EB54324F15887EFA45A7211D330A914CB90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E3B7A Relevance: .1, Instructions: 75COMMON
                  Download Yara Rule
                  C-Code - Quality: 59%
                  			E011E3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x12a84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x12a84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L011D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x12a84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E011FAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E011FFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x12a84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x12a84c4; // 0x0
					L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                  0x011e3b89
                  0x011e3b96
                  0x011e3ba1
                  0x011e3bab
                  0x011e3bb5
                  0x011e3bb9
                  0x01226298
                  0x011e3bbf
                  0x011e3bc2
                  0x011e3bc3
                  0x011e3bc9
                  0x011e3bca
                  0x011e3bcc
                  0x011e3bcd
                  0x011e3bd4
                  0x011e3bd6
                  0x011e3bdb
                  0x011e3bea
                  0x011e3bf7
                  0x011e3bfb
                  0x011e3bff
                  0x011e3c09
                  0x011e3c0a
                  0x011e3c0b
                  0x011e3c0f
                  0x011e3c14
                  0x011e3c18
                  0x011e3c18
                  0x011e3bfb
                  0x011e3c1b
                  0x011e3c30
                  0x011e3c30
                  0x011e3c3d

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ce4b9e7c44ad96e7315e0a0326a7b8ef14b4acc193a201742977471a3a7a5dde
                  • Instruction ID: fc2d1473bcc681d59459881796bbc75463581ee739774fe6b070d9244a4e6ec7
                  • Opcode Fuzzy Hash: ce4b9e7c44ad96e7315e0a0326a7b8ef14b4acc193a201742977471a3a7a5dde
                  • Instruction Fuzzy Hash: 8321A1B2A00509AFC718DF98DD85F5ABBBDFB44708F250069EA09AB251D371ED15CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01236CF0 Relevance: .1, Instructions: 74COMMON
                  Download Yara Rule
                  C-Code - Quality: 80%
                  			E01236CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E011D7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E011D7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x1195c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E011EF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E011EF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E01237016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L011D2400( &_v52);
								}
								_t21 = L011D2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                  0x01236cfb
                  0x01236d00
                  0x01236d02
                  0x01236d06
                  0x01236d0a
                  0x01236d0e
                  0x01236d19
                  0x01236d2b
                  0x01236d1b
                  0x01236d24
                  0x01236d24
                  0x01236d33
                  0x01236d39
                  0x01236d46
                  0x01236d4f
                  0x01236d61
                  0x01236d51
                  0x01236d5a
                  0x01236d5a
                  0x01236d69
                  0x01236d6b
                  0x01236d6d
                  0x01236d6f
                  0x01236d6f
                  0x01236d74
                  0x01236d79
                  0x01236d7a
                  0x01236d7f
                  0x01236d82
                  0x01236d88
                  0x01236d89
                  0x01236d90
                  0x01236d94
                  0x01236da7
                  0x01236db1
                  0x01236db1
                  0x01236dbb
                  0x01236dbb
                  0x01236d90
                  0x01236d69
                  0x01236d46
                  0x01236dc6

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5a0dde727c4f41076d0f1dd01b2dabf9eb7c2c9a45157a1ef909a0ed7b023c2e
                  • Instruction ID: b482c3029600e3cb07a20126b02216eeee958c984e82d5ed7c3a680f3f5c1de4
                  • Opcode Fuzzy Hash: 5a0dde727c4f41076d0f1dd01b2dabf9eb7c2c9a45157a1ef909a0ed7b023c2e
                  • Instruction Fuzzy Hash: A12134B241074AABD711DF28C948B6BBBECEFD1244F040456FE80C7250E734DA49C6A2
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0128070D Relevance: .1, Instructions: 72COMMON
                  Download Yara Rule
                  C-Code - Quality: 67%
                  			E0128070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E012807DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0127AFDE( &_v8,  &_v12);
					E01281293(_t38, _v28, _t60);
					if(E011D7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E012714FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                  0x0128071b
                  0x01280724
                  0x01280734
                  0x01280738
                  0x0128074b
                  0x0128074b
                  0x01280753
                  0x01280753
                  0x01280759
                  0x0128075d
                  0x01280774
                  0x01280779
                  0x0128077d
                  0x01280789
                  0x01280795
                  0x012807a7
                  0x01280797
                  0x012807a0
                  0x012807a0
                  0x012807af
                  0x012807c4
                  0x012807cd
                  0x012807cd
                  0x012807af
                  0x012807dc

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                  • Instruction ID: 8872e6087e7b3e75b926b47d71aac3793e82c521febae1618911ba71244eb0db
                  • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                  • Instruction Fuzzy Hash: 802134362142019FD709EF28C880B6ABBA5EFD0310F048529FE948B3C5C730E919CB95
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01237794 Relevance: .1, Instructions: 70COMMON
                  Download Yara Rule
                  C-Code - Quality: 82%
                  			E01237794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x12a7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L011D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E011FF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E011D7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E011F9AE0();
					_t24 = L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                  0x01237799
                  0x0123779a
                  0x0123779b
                  0x012377a3
                  0x012377ab
                  0x012377ae
                  0x012377b1
                  0x012377b1
                  0x012377bf
                  0x012377c4
                  0x012377c8
                  0x012377ce
                  0x012377d4
                  0x012377e0
                  0x012377e0
                  0x012377d6
                  0x012377d6
                  0x012377de
                  0x00000000
                  0x00000000
                  0x012377de
                  0x012377e5
                  0x012377f0
                  0x012377f3
                  0x012377f6
                  0x012377fd
                  0x01237800
                  0x0123780c
                  0x01237818
                  0x0123782b
                  0x0123781a
                  0x01237823
                  0x01237823
                  0x01237830
                  0x01237831
                  0x01237838
                  0x0123783d
                  0x0123783e
                  0x0123784f
                  0x0123784f
                  0x0123785a

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4a0a69b437315f406208138bbebc9b9d1ba6b47b2921dacc0665d6079bcfdf02
                  • Instruction ID: ec972c2f827eb07c2185ab248c13f1514654d3a2d62acbf5ea0af15bd1446b63
                  • Opcode Fuzzy Hash: 4a0a69b437315f406208138bbebc9b9d1ba6b47b2921dacc0665d6079bcfdf02
                  • Instruction Fuzzy Hash: 4421A1B2510605ABCB29DF69D880E6BBBA9EF88740F10056DF60AC7750D734E900CB94
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011DAE73 Relevance: .1, Instructions: 70COMMON
                  Download Yara Rule
                  C-Code - Quality: 96%
                  			E011DAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E011D7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E011D7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E011D7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E011D7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E01237794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                  0x011dae78
                  0x011dae7c
                  0x011dae7e
                  0x011dae81
                  0x011dae86
                  0x011dae8d
                  0x01222691
                  0x011dae93
                  0x011dae93
                  0x011dae93
                  0x011dae98
                  0x011dae9d
                  0x012226a2
                  0x012226b4
                  0x012226a4
                  0x012226ad
                  0x012226ad
                  0x012226b9
                  0x00000000
                  0x012226bb
                  0x00000000
                  0x012226bb
                  0x011daea3
                  0x011daea3
                  0x011daea3
                  0x011daeaa
                  0x012226c0
                  0x012226c9
                  0x012226c9
                  0x011daeb3
                  0x012226d4
                  0x012226e1
                  0x00000000
                  0x00000000
                  0x012226e7
                  0x012226ee
                  0x012226f0
                  0x012226f9
                  0x012226f9
                  0x01222702
                  0x01222708
                  0x01222708
                  0x0122270b
                  0x0122270f
                  0x01222711
                  0x01222711
                  0x01222725
                  0x01222725
                  0x00000000
                  0x011daeb9
                  0x011daeb9
                  0x011daebf
                  0x011daebf
                  0x011daeb3

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                  • Instruction ID: 7f36eddc2c8e3cd42d797b56cc8b0f7ac47c39b13e27a45056830fd9797b319d
                  • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                  • Instruction Fuzzy Hash: 6821F6726116A2EFE72EDB2DC944B3977E8EF45344F0A00A0DE048B7A2D735DC40C6A1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011EFD9B Relevance: .1, Instructions: 69COMMON
                  Download Yara Rule
                  C-Code - Quality: 93%
                  			E011EFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E011C76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L011D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                  0x011efd9b
                  0x011efda0
                  0x011efda1
                  0x011efdab
                  0x011efdad
                  0x011efdb0
                  0x011efdb8
                  0x011efe0f
                  0x011efde6
                  0x011efde9
                  0x011efdec
                  0x0122c0c0
                  0x011efdfe
                  0x011efe06
                  0x011efe06
                  0x0122c0c8
                  0x011efe2d
                  0x011efe2d
                  0x00000000
                  0x011efe2d
                  0x0122c0d1
                  0x0122c0e0
                  0x0122c0e5
                  0x0122c0e5
                  0x0122c0e8
                  0x00000000
                  0x0122c0e8
                  0x011efdf4
                  0x00000000
                  0x00000000
                  0x011efdf6
                  0x011efdfa
                  0x011efe1a
                  0x011efe1f
                  0x011efe1f
                  0x011efdfc
                  0x00000000
                  0x011efdfc
                  0x011efdcc
                  0x011efdd0
                  0x011efe26
                  0x00000000
                  0x011efe26
                  0x011efdd8
                  0x011efddb
                  0x011efddd
                  0x011efde0
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                  • Instruction ID: 8a8f42667aeb62af231a8278b67764b2fd7a7b400ba2e3adf162134d881607c3
                  • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                  • Instruction Fuzzy Hash: AE21AC72600A52DFD739CF8DC544A6AFBE5FB94B10F22846EE94587B11D731AC42CB80
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011EB390 Relevance: .1, Instructions: 63COMMON
                  Download Yara Rule
                  C-Code - Quality: 54%
                  			E011EB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E011D2280(_t12, 0x12a8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E011F00C2(0x12a8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                  0x011eb395
                  0x011eb3a2
                  0x011eb3a5
                  0x011eb3aa
                  0x011eb3b2
                  0x011eb3ba
                  0x011eb3bd
                  0x011eb3c0
                  0x011eb3c4
                  0x011eb3c9
                  0x0122a3e9
                  0x0122a3ed
                  0x0122a3f0
                  0x0122a3ff
                  0x0122a403
                  0x0122a409
                  0x00000000
                  0x00000000
                  0x0122a40b
                  0x0122a40b
                  0x0122a40f
                  0x0122a415
                  0x0122a423
                  0x0122a423
                  0x0122a415
                  0x011eb3d1
                  0x011eb3e8
                  0x011eb3e8
                  0x011eb3d9

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d905ee32357d3a9d3fcda7b05ab74425b3d6da24d64cae62f829b6872fe6268d
                  • Instruction ID: a8b65d013a8171b0e6e255e7978ef0f45ffd99c66ab5520efa06a0947c12cddf
                  • Opcode Fuzzy Hash: d905ee32357d3a9d3fcda7b05ab74425b3d6da24d64cae62f829b6872fe6268d
                  • Instruction Fuzzy Hash: D1116F377195115FCB1D8A598D4262F72A7EFC5730B29412DEE16C7B80CA319C01C694
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011B9240 Relevance: .1, Instructions: 63COMMON
                  Download Yara Rule
                  C-Code - Quality: 77%
                  			E011B9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x128f708);
				E0120D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E011F95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E011F95D0();
				_t33 =  *0x12a84c4; // 0x0
				L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x12a84c4; // 0x0
				L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x12a84c4; // 0x0
				E011D2280(L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x12a86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E011F95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E011F95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E011B9325();
					_t50 =  *0x12a84c4; // 0x0
					return E0120D0D1(L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                  0x011b9240
                  0x011b9242
                  0x011b9247
                  0x011b924c
                  0x011b924e
                  0x011b9255
                  0x011b9257
                  0x011b925a
                  0x011b925f
                  0x011b925f
                  0x011b9266
                  0x011b9271
                  0x011b9276
                  0x011b9279
                  0x011b927e
                  0x011b9295
                  0x011b929a
                  0x011b92b1
                  0x011b92b6
                  0x011b92d7
                  0x011b92dc
                  0x011b92e0
                  0x011b92e6
                  0x011b92e8
                  0x011b92ee
                  0x011b9332
                  0x011b9333
                  0x011b9337
                  0x011b9338
                  0x011b933a
                  0x011b933a
                  0x011b933d
                  0x011b9342
                  0x011b9342
                  0x011b9345
                  0x011b9349
                  0x011b934e
                  0x011b9352
                  0x011b9357
                  0x011b92f4
                  0x011b92f4
                  0x011b92f6
                  0x011b92f9
                  0x011b9300
                  0x011b9306
                  0x011b9324
                  0x011b9324

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: ba8caa24044aeb2927d2c5faa9452e3f40eb8259e90446a75faf916443792a24
                  • Instruction ID: 8838a7c2822b818ba3b0d3db322985a72d82d940abf722e9a45290e8c548792b
                  • Opcode Fuzzy Hash: ba8caa24044aeb2927d2c5faa9452e3f40eb8259e90446a75faf916443792a24
                  • Instruction Fuzzy Hash: 602189B2051A01DFC32AEF68CA84F59B7B9FF18708F41456CE209866B2CB34E942CB50
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01244257 Relevance: .1, Instructions: 60COMMON
                  Download Yara Rule
                  C-Code - Quality: 90%
                  			E01244257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x12908d0);
				E0120D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E012441E8(__ebx, __edi, __ecx, _t39);
				E011CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x12a87e4;
					_t18 =  *0x12a87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x12a5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x12a87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x12a87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L011B7055(_t31 + 0xfffffff8);
								_t24 =  *0x12a87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x12a87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x12a5cd0;
				if( *0x12a5cd0 <= 0) {
					L011B7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x12a87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x12a87e8 = _t30;
						 *0x12a87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0120D0D1(L01244320());
			}















                  0x01244257
                  0x01244257
                  0x01244257
                  0x01244259
                  0x0124425e
                  0x01244263
                  0x01244265
                  0x01244273
                  0x01244278
                  0x0124427c
                  0x0124427f
                  0x01244281
                  0x01244287
                  0x012442d7
                  0x012442d7
                  0x012442da
                  0x0124428d
                  0x0124428d
                  0x0124428f
                  0x01244292
                  0x01244297
                  0x0124429c
                  0x012442a0
                  0x012442a6
                  0x012442a8
                  0x012442ae
                  0x012442b3
                  0x00000000
                  0x012442ba
                  0x012442ba
                  0x012442bf
                  0x012442c5
                  0x012442ca
                  0x012442cf
                  0x012442d0
                  0x00000000
                  0x012442d0
                  0x012442b3
                  0x00000000
                  0x012442a6
                  0x0124429c
                  0x012442dc
                  0x012442dc
                  0x012442e3
                  0x01244309
                  0x012442e5
                  0x012442e5
                  0x012442e8
                  0x012442ee
                  0x012442f0
                  0x00000000
                  0x012442f2
                  0x012442f2
                  0x012442f4
                  0x012442f7
                  0x012442f9
                  0x01244300
                  0x01244300
                  0x012442f0
                  0x0124430e
                  0x0124431f

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 09073faf47aee246a22ea13413a7260879717164cfdb78824ef06099f158e8f0
                  • Instruction ID: 1918f2adc6d756d35fe7e212f3b021665a81d716f22e8434a4623eaa8b7053bd
                  • Opcode Fuzzy Hash: 09073faf47aee246a22ea13413a7260879717164cfdb78824ef06099f158e8f0
                  • Instruction Fuzzy Hash: 30216AB5A21742CFC72DEF68E444B24BBF1FB95355BA0826EC2098F299DB319491CF00
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E2397 Relevance: .1, Instructions: 59COMMON
                  Download Yara Rule
                  C-Code - Quality: 29%
                  			E011E2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x12a848c != 0) {
					L011DFAD0(0x12a8610);
					if( *0x12a848c == 0) {
						E011DFA00(0x12a8610, _t19, _t27, 0x12a8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E011E2581(0x12a8610, 0x11950a0, _t26, _t27, _t28);
						E011DFA00(0x12a8610, 0x11950a0, _t27, 0x12a8610);
					}
				} else {
					L1:
					_t11 =  *0x12a8614; // 0x0
					if(_t11 == 0) {
						_t11 = E011F4886(0x1191088, 1, 0x12a8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E011E2581(0x12a8610, (_t11 << 4) + 0x1195070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                  0x011e23b0
                  0x011e23b6
                  0x011e2409
                  0x011e2415
                  0x01225ae9
                  0x00000000
                  0x011e241b
                  0x011e241b
                  0x011e241d
                  0x011e2427
                  0x011e242e
                  0x011e2430
                  0x011e2430
                  0x011e23b8
                  0x011e23b8
                  0x011e23b8
                  0x011e23bf
                  0x011e23fc
                  0x011e23fc
                  0x011e23c1
                  0x011e23c3
                  0x011e23d0
                  0x011e23d8
                  0x011e23d8
                  0x011e23dc
                  0x011e23de
                  0x011e23e1
                  0x011e23e1
                  0x011e23ec

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6be7d5af79f0223ada61583da1db36157b59374baa07af894c1cd922f9cf6160
                  • Instruction ID: ea828b764c755684bbef28468e934c9ae834485558b7203456a13a7e47ae607f
                  • Opcode Fuzzy Hash: 6be7d5af79f0223ada61583da1db36157b59374baa07af894c1cd922f9cf6160
                  • Instruction Fuzzy Hash: A2118E327087526BE73C966DAC58F25B7CDFB64721F0C802AF603A7280C7B0D8018B55
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 012346A7 Relevance: .1, Instructions: 59COMMON
                  Download Yara Rule
                  C-Code - Quality: 93%
                  			E012346A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L011D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E011FF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E011ED268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L011D77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                  0x012346b7
                  0x012346ba
                  0x012346c5
                  0x012346c8
                  0x012346d0
                  0x012346d4
                  0x012346e6
                  0x012346e9
                  0x012346f4
                  0x012346ff
                  0x01234705
                  0x01234706
                  0x0123470c
                  0x01234713
                  0x0123471b
                  0x01234723
                  0x01234725
                  0x012346d6
                  0x012346d9
                  0x012346db
                  0x012346db
                  0x01234732

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                  • Instruction ID: 9d77df0b982f4d3e1f91011bac9dcf990ad234bcecba5777a13983d1480416f8
                  • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                  • Instruction Fuzzy Hash: A811C272504609BBCB059F5C98809BEB7B9EF95314F1080AAF9448B351DA318D55D7A4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F37F5 Relevance: .1, Instructions: 57COMMON
                  Download Yara Rule
                  C-Code - Quality: 87%
                  			E011F37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E011D2280(_t6, 0x12a8550);
				}
				_t29 = E011F387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E011CFFB0(0x12a8550, _t27, 0x12a8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                  0x011f37fa
                  0x011f37fc
                  0x011f3805
                  0x011f3808
                  0x011f3808
                  0x011f3814
                  0x011f3818
                  0x011f3846
                  0x011f3848
                  0x011f384b
                  0x011f384b
                  0x011f3852
                  0x00000000
                  0x011f3854
                  0x011f3856
                  0x00000000
                  0x00000000
                  0x011f3863
                  0x00000000
                  0x011f3863
                  0x011f381a
                  0x011f381a
                  0x011f381f
                  0x011f386e
                  0x011f386e
                  0x011f3871
                  0x011f3873
                  0x011f3873
                  0x011f3868
                  0x00000000
                  0x011f3868
                  0x011f3821
                  0x011f3826
                  0x00000000
                  0x00000000
                  0x011f3828
                  0x011f382a
                  0x011f3841
                  0x00000000
                  0x011f3841

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b8ada45db860325202cdffb8774e5027c879cce02105c8f32fd1fc967f52e7d0
                  • Instruction ID: a273f2a13057a0a546e19c9e8e5461661beefd8486c06d558d94b5f8a5e365e4
                  • Opcode Fuzzy Hash: b8ada45db860325202cdffb8774e5027c879cce02105c8f32fd1fc967f52e7d0
                  • Instruction Fuzzy Hash: E801C4B29116119BC33F8A1D9940A26BBA6FF85B60F16416DEA698B315D738CC01C790
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E002D Relevance: .1, Instructions: 55COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011E002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E011D7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E011D7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E011D7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E011D7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                  0x011e0032
                  0x011e0037
                  0x011e0043
                  0x01224b3a
                  0x011e0049
                  0x011e0049
                  0x011e0049
                  0x011e004e
                  0x011e0053
                  0x01224b48
                  0x01224b5a
                  0x01224b4a
                  0x01224b53
                  0x01224b53
                  0x01224b5f
                  0x00000000
                  0x01224b61
                  0x00000000
                  0x01224b61
                  0x011e0059
                  0x011e0059
                  0x011e0060
                  0x01224b6f
                  0x01224b6f
                  0x011e0069
                  0x01224b83
                  0x00000000
                  0x00000000
                  0x01224b90
                  0x01224b9b
                  0x01224b9b
                  0x01224ba4
                  0x00000000
                  0x00000000
                  0x01224baa
                  0x00000000
                  0x011e006f
                  0x011e006f
                  0x00000000
                  0x011e006f
                  0x011e0069

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                  • Instruction ID: 2d50e63596cf404226195db36e0784701c210010f212f6c9feaeb27b758a851e
                  • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                  • Instruction Fuzzy Hash: 18110C32B11AD29FD72BA76CC948B393BD4AF45798F1A00A0EE0497692E368D841C251
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011C766D Relevance: .1, Instructions: 54COMMON
                  Download Yara Rule
                  C-Code - Quality: 94%
                  			E011C766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E011EF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E011EF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L011D4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                  0x011c7672
                  0x011c767f
                  0x011c7689
                  0x011c76de
                  0x011c76de
                  0x011c768b
                  0x011c7691
                  0x011c7693
                  0x011c7697
                  0x00000000
                  0x011c7699
                  0x011c76a8
                  0x00000000
                  0x011c76aa
                  0x011c76ad
                  0x011c76b1
                  0x00000000
                  0x011c76b3
                  0x011c76b3
                  0x011c76b5
                  0x011c76ba
                  0x011c76bc
                  0x011c76bc
                  0x011c76c0
                  0x00000000
                  0x011c76c2
                  0x011c76ce
                  0x011c76ce
                  0x011c76c0
                  0x011c76b1
                  0x011c76a8
                  0x011c7697
                  0x011c76d9

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                  • Instruction ID: d1a6c4e7a666b313ae891a2a95fbdbaef410a6bcae60c162e09b55ee53842c14
                  • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                  • Instruction Fuzzy Hash: D2018832700129ABE7249E5ECC55E5B7BADEBA5B60B140528FA09CB290DB70DD41CBA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0124C450 Relevance: .1, Instructions: 53COMMON
                  Download Yara Rule
                  C-Code - Quality: 46%
                  			E0124C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E011F9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E011F95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E011F95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E011F95D0();
				return L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                  0x0124c458
                  0x0124c45d
                  0x0124c466
                  0x0124c468
                  0x0124c469
                  0x0124c46a
                  0x0124c46b
                  0x0124c46e
                  0x0124c46f
                  0x0124c471
                  0x0124c476
                  0x0124c476
                  0x0124c47c
                  0x0124c47e
                  0x0124c480
                  0x0124c480
                  0x0124c483
                  0x0124c484
                  0x0124c486
                  0x0124c488
                  0x0124c48f
                  0x0124c491
                  0x0124c493
                  0x0124c493
                  0x0124c48f
                  0x0124c498
                  0x0124c49e
                  0x0124c4ad
                  0x0124c4ad
                  0x0124c4b2
                  0x0124c4b4
                  0x0124c4cd

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                  • Instruction ID: 64db0a28e600e15b958f3757a32b26590f589fd1d3b49d79f71638937e0a4a28
                  • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                  • Instruction Fuzzy Hash: 2301967214150ABFE719AF69CD84E62FB6DFF54358F014529F31442560D721ACA1CAA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011B9080 Relevance: .1, Instructions: 53COMMON
                  Download Yara Rule
                  C-Code - Quality: 69%
                  			E011B9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x12a85ec;
				E011D2280(_t48, 0x12a85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E011CFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x12a538c; // 0x77496828
					if( *_t84 != 0x12a5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x128f6e8);
						E0120D0E8(0x12a85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E012888F5(_t80, _t85, 0x12a5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x12a86c0; // 0xc807b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x12a86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E011D2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E012888F5(0x12a85ec, _t85, 0x12a5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E011FAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x12ab1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x12a84c0;
																			if(_t82 >=  *0x12a84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01289063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E011B922A(_t99);
										_t64 = E011D7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01288B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x12a86c0; // 0xc807b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x12a86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x12a86bc;
													_t87 = 0x12a86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E011B9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x12a86c4;
												_t87 = 0x12a86c0;
												L27:
												E011E9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0120D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x12a5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x12a538c = _t51;
						goto L6;
					}
				}
			}




















                  0x011b9082
                  0x011b9083
                  0x011b9084
                  0x011b9085
                  0x011b9087
                  0x011b9096
                  0x011b9098
                  0x011b9098
                  0x011b909e
                  0x011b90a8
                  0x011b90e7
                  0x011b90e7
                  0x011b90aa
                  0x011b90b0
                  0x011b90b7
                  0x011b90bd
                  0x011b90dd
                  0x011b90e6
                  0x011b90bf
                  0x011b90bf
                  0x011b90c7
                  0x011b90cf
                  0x011b90f1
                  0x011b90f2
                  0x011b90f4
                  0x011b90f5
                  0x011b90f6
                  0x011b90f7
                  0x011b90f8
                  0x011b90f9
                  0x011b90fa
                  0x011b90fb
                  0x011b90fc
                  0x011b90fd
                  0x011b90fe
                  0x011b90ff
                  0x011b9100
                  0x011b9102
                  0x011b9107
                  0x011b910c
                  0x011b9110
                  0x011b9113
                  0x011b9115
                  0x011b9136
                  0x011b913f
                  0x011b9143
                  0x012137e4
                  0x012137e4
                  0x011b9117
                  0x011b9117
                  0x011b911d
                  0x00000000
                  0x011b911f
                  0x011b911f
                  0x011b9125
                  0x00000000
                  0x011b9127
                  0x011b912d
                  0x011b9130
                  0x011b9134
                  0x011b9158
                  0x011b915d
                  0x011b9161
                  0x011b9168
                  0x01213715
                  0x011b916e
                  0x011b916e
                  0x011b9175
                  0x011b9177
                  0x011b917e
                  0x011b917f
                  0x011b9182
                  0x011b9182
                  0x011b9187
                  0x011b9187
                  0x011b918a
                  0x011b918d
                  0x011b918f
                  0x011b9192
                  0x011b9195
                  0x011b9198
                  0x011b9198
                  0x011b9198
                  0x011b919a
                  0x00000000
                  0x00000000
                  0x0121371f
                  0x01213721
                  0x01213727
                  0x0121372f
                  0x01213733
                  0x01213735
                  0x01213738
                  0x0121373b
                  0x0121373d
                  0x01213740
                  0x00000000
                  0x01213746
                  0x01213746
                  0x01213749
                  0x00000000
                  0x0121374f
                  0x0121374f
                  0x01213751
                  0x01213757
                  0x01213759
                  0x0121375c
                  0x0121375c
                  0x0121375e
                  0x0121375e
                  0x01213761
                  0x01213764
                  0x00000000
                  0x00000000
                  0x01213766
                  0x01213768
                  0x012137a3
                  0x012137a3
                  0x012137a5
                  0x012137a7
                  0x012137ad
                  0x012137b0
                  0x012137b2
                  0x012137bc
                  0x012137c2
                  0x012137c2
                  0x012137b2
                  0x011b9187
                  0x011b9187
                  0x011b918a
                  0x011b918d
                  0x011b918f
                  0x011b9192
                  0x011b9195
                  0x00000000
                  0x011b9195
                  0x00000000
                  0x0121376a
                  0x0121376a
                  0x0121376a
                  0x0121376c
                  0x0121376c
                  0x0121376f
                  0x01213775
                  0x00000000
                  0x00000000
                  0x01213777
                  0x01213779
                  0x01213782
                  0x01213787
                  0x01213789
                  0x01213790
                  0x01213790
                  0x0121378b
                  0x0121378b
                  0x0121378b
                  0x01213792
                  0x01213795
                  0x00000000
                  0x01213795
                  0x00000000
                  0x01213779
                  0x01213798
                  0x00000000
                  0x01213798
                  0x00000000
                  0x01213768
                  0x0121379b
                  0x0121379b
                  0x01213751
                  0x01213749
                  0x00000000
                  0x01213740
                  0x011b91a0
                  0x011b91a3
                  0x011b91a9
                  0x011b91b0
                  0x00000000
                  0x011b91b0
                  0x011b9187
                  0x011b91b4
                  0x011b91b4
                  0x011b91bb
                  0x011b91c0
                  0x011b91c5
                  0x011b91c7
                  0x012137da
                  0x011b91cd
                  0x011b91cd
                  0x011b91cd
                  0x011b91d2
                  0x011b91d5
                  0x011b9239
                  0x011b9239
                  0x011b91d7
                  0x011b91db
                  0x011b91e1
                  0x011b91e7
                  0x011b91fd
                  0x011b9203
                  0x011b921e
                  0x011b9223
                  0x00000000
                  0x011b9205
                  0x011b9205
                  0x011b9208
                  0x011b920c
                  0x011b9214
                  0x011b9214
                  0x011b920c
                  0x011b91e9
                  0x011b91e9
                  0x011b91ee
                  0x011b91f3
                  0x011b91f3
                  0x011b91f3
                  0x011b91e7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011b9134
                  0x011b9125
                  0x011b911d
                  0x011b914e
                  0x011b90d1
                  0x011b90d1
                  0x011b90d3
                  0x011b90d6
                  0x011b90d8
                  0x00000000
                  0x011b90d8
                  0x011b90cf

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: edefbd030c4826180506adbfc982c481982abebbc8d3fb186f45770fdb3f44d7
                  • Instruction ID: 55f332f35e63323fb0396ff036b0d4202cde2110a1dd1b9d0e54dadc68506c34
                  • Opcode Fuzzy Hash: edefbd030c4826180506adbfc982c481982abebbc8d3fb186f45770fdb3f44d7
                  • Instruction Fuzzy Hash: 8F01A4B39116099FD32D9F18D880B56BBA9EF85729F264066E6058B692C378DC42CB90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01284015 Relevance: .0, Instructions: 49COMMON
                  Download Yara Rule
                  C-Code - Quality: 86%
                  			E01284015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E011D2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E011D2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x12a86ac);
					E011BF900(0x12a86d4, _t28);
					E011CFFB0(0x12a86ac, _t28, 0x12a86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E011CFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                  0x0128401a
                  0x0128401e
                  0x01284023
                  0x01284028
                  0x01284029
                  0x0128402b
                  0x0128402f
                  0x01284043
                  0x01284046
                  0x01284051
                  0x01284057
                  0x0128405f
                  0x01284062
                  0x01284067
                  0x0128406f
                  0x0128407c
                  0x0128407c
                  0x0128408c
                  0x0128408c
                  0x01284097

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7de65e779620e06aa99d2ac2d3adc7d1a1dc9d295fee4e4dbeb525e515474382
                  • Instruction ID: 69cec421ebf9660998076ed48cfcc91d48fbfa08e5059ea0e96dd7d5934bc47b
                  • Opcode Fuzzy Hash: 7de65e779620e06aa99d2ac2d3adc7d1a1dc9d295fee4e4dbeb525e515474382
                  • Instruction Fuzzy Hash: B30184722119477FD219BB79CD84E13F7ACFF55A59B000229F50883A51DB34EC12C6E4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 012714FB Relevance: .0, Instructions: 48COMMON
                  Download Yara Rule
                  C-Code - Quality: 61%
                  			E012714FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x12ad360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E011FFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E011D7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E011FB640(E011F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                  0x012714fb
                  0x012714fb
                  0x0127150a
                  0x01271514
                  0x01271519
                  0x0127151b
                  0x01271526
                  0x0127152c
                  0x01271534
                  0x01271537
                  0x0127153a
                  0x01271545
                  0x01271557
                  0x01271547
                  0x01271550
                  0x01271550
                  0x01271562
                  0x01271563
                  0x01271565
                  0x0127156a
                  0x0127157f

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f680fde9cda1a9f52bb5098fb6d8f4403334ca789f46a9180d0c025c4e93d32a
                  • Instruction ID: 2a064e54b99b0f49aa0d09ccd0989ceaa22aa8a88036494457509f7360cedb26
                  • Opcode Fuzzy Hash: f680fde9cda1a9f52bb5098fb6d8f4403334ca789f46a9180d0c025c4e93d32a
                  • Instruction Fuzzy Hash: 4E019271A1025DAFCB14EFA9D845EAFBBB8EF44714F40405AFA04EB380D674DA10CB94
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0127138A Relevance: .0, Instructions: 48COMMON
                  Download Yara Rule
                  C-Code - Quality: 61%
                  			E0127138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x12ad360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E011FFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E011D7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E011FB640(E011F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                  0x0127138a
                  0x0127138a
                  0x01271399
                  0x012713a3
                  0x012713a8
                  0x012713aa
                  0x012713b5
                  0x012713bb
                  0x012713c3
                  0x012713c6
                  0x012713c9
                  0x012713d4
                  0x012713e6
                  0x012713d6
                  0x012713df
                  0x012713df
                  0x012713f1
                  0x012713f2
                  0x012713f4
                  0x012713f9
                  0x0127140e

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8bf844309c7f161a3bdec25089682125052154d4e40bda3ada20484369bad424
                  • Instruction ID: 187364a48fcc6256c016a30a26f6d655707a203d90ff4516409724b0e1966a6b
                  • Opcode Fuzzy Hash: 8bf844309c7f161a3bdec25089682125052154d4e40bda3ada20484369bad424
                  • Instruction Fuzzy Hash: D8014071A10219ABDB14EFA9D845AAEBBB8EF44714F40405AB904AB280D6749A15CB94
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011B58EC Relevance: .0, Instructions: 47COMMON
                  Download Yara Rule
                  C-Code - Quality: 91%
                  			E011B58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x12ad360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x1195c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E011B5943() != 0 &&  *0x12a5320 > 5) {
					E01237B5E( &_v44, _t27);
					_t22 =  &_v28;
					E01237B5E( &_v28, _t28);
					_t11 = E01237B9C(0x12a5320, 0x119bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E011FB640(_t11, _t17, _v8 ^ _t29, 0x119bf15, _t27, _t28);
			}















                  0x011b58fb
                  0x011b58fe
                  0x011b5906
                  0x011b590a
                  0x011b593c
                  0x011b593c
                  0x011b590c
                  0x011b590c
                  0x011b5911
                  0x00000000
                  0x011b5913
                  0x011b5913
                  0x011b5913
                  0x011b5911
                  0x011b591d
                  0x01211035
                  0x0121103c
                  0x0121103f
                  0x01211056
                  0x01211056
                  0x011b593b

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a26823f1a298b7afacf9aaf8e1dea80136b8a502b25ea54a90b5146afe77b84d
                  • Instruction ID: b9263509b5558f3fbd9cfa48847fdf965afde25f7168f47a69b18aa9ea41bfb9
                  • Opcode Fuzzy Hash: a26823f1a298b7afacf9aaf8e1dea80136b8a502b25ea54a90b5146afe77b84d
                  • Instruction Fuzzy Hash: 6001F271A101099BCB1CEB29D8809FFBBBAEF92230F850069DA15A7244FF30DD02C795
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011CB02A Relevance: .0, Instructions: 46COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011CB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E011D7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E01237016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                  0x011cb037
                  0x011cb039
                  0x011cb03b
                  0x011cb040
                  0x0121a60e
                  0x00000000
                  0x00000000
                  0x0121a61d
                  0x011cb04b
                  0x011cb04e
                  0x0121a627
                  0x0121a634
                  0x00000000
                  0x00000000
                  0x0121a641
                  0x0121a653
                  0x0121a643
                  0x0121a64c
                  0x0121a64c
                  0x0121a65b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0121a66c
                  0x011cb057
                  0x011cb057
                  0x011cb057
                  0x011cb046
                  0x011cb046
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                  • Instruction ID: 97898139db4932290e4e8fd2fa8be88c023771734ff322ac75ec114a770f5a70
                  • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                  • Instruction Fuzzy Hash: 6601D4722159C09FE72AC71CC944F767BE8EBA1B80F0904A5FA15CB651D728DC40C629
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01281074 Relevance: .0, Instructions: 46COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E01281074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0128165E(__ebx, 0x12a8ae4, (__edx -  *0x12a8b04 >> 0x14) + (__edx -  *0x12a8b04 >> 0x14), __edi, __ecx, (__edx -  *0x12a8b04 >> 0x14) + (__edx -  *0x12a8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0127AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E011D7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0126FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                  0x01281074
                  0x01281080
                  0x01281082
                  0x0128108a
                  0x0128108f
                  0x01281093
                  0x012810ab
                  0x012810ab
                  0x012810c3
                  0x012810cf
                  0x012810e1
                  0x012810d1
                  0x012810da
                  0x012810da
                  0x012810e9
                  0x012810f5
                  0x012810f5
                  0x012810fe

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b00ca69ad9f539cd0fc1c456407044d8aac05cd342cee7e7613885047d4fbf18
                  • Instruction ID: 59c56da1f379db039db3803e01181a93a6e27fa903002e7ad1dd6e3d69d3f108
                  • Opcode Fuzzy Hash: b00ca69ad9f539cd0fc1c456407044d8aac05cd342cee7e7613885047d4fbf18
                  • Instruction Fuzzy Hash: E0014C726257429FC710EF28DD04B1A7BE5BB84314F048519FD85836D0EE30D452CB92
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0126FE3F Relevance: .0, Instructions: 46COMMON
                  Download Yara Rule
                  C-Code - Quality: 59%
                  			E0126FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x12ad360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E011FFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E011D7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E011FB640(E011F9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                  0x0126fe3f
                  0x0126fe3f
                  0x0126fe4e
                  0x0126fe58
                  0x0126fe5d
                  0x0126fe5f
                  0x0126fe6a
                  0x0126fe72
                  0x0126fe75
                  0x0126fe78
                  0x0126fe83
                  0x0126fe95
                  0x0126fe85
                  0x0126fe8e
                  0x0126fe8e
                  0x0126fea0
                  0x0126fea1
                  0x0126fea3
                  0x0126fea8
                  0x0126febd

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 44e975b4e8fb11ee21aea5c3d9e13d3703772455f434fcd3d54f67e71a13b891
                  • Instruction ID: e9fdfd7fd7a20a4aea4ac54f0126db221cb50ffaf453a2398885a485076ad6e7
                  • Opcode Fuzzy Hash: 44e975b4e8fb11ee21aea5c3d9e13d3703772455f434fcd3d54f67e71a13b891
                  • Instruction Fuzzy Hash: 87018871E1020DABDB14DFA9D845FAEBBB8EF44714F00406AFA009B381DA749951C794
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0126FEC0 Relevance: .0, Instructions: 46COMMON
                  Download Yara Rule
                  C-Code - Quality: 59%
                  			E0126FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x12ad360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E011FFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E011D7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E011FB640(E011F9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                  0x0126fec0
                  0x0126fec0
                  0x0126fecf
                  0x0126fed9
                  0x0126fede
                  0x0126fee0
                  0x0126feeb
                  0x0126fef3
                  0x0126fef6
                  0x0126fef9
                  0x0126ff04
                  0x0126ff16
                  0x0126ff06
                  0x0126ff0f
                  0x0126ff0f
                  0x0126ff21
                  0x0126ff22
                  0x0126ff24
                  0x0126ff29
                  0x0126ff3e

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 05aa4fa50ae4876ec1bd749c03c480cf5d5671b33ef739a1abec0aa4de73a568
                  • Instruction ID: 37b025f1d65cee196f7769e368bae2c8ad586f0d6195842ac06f0a2c0bec3207
                  • Opcode Fuzzy Hash: 05aa4fa50ae4876ec1bd749c03c480cf5d5671b33ef739a1abec0aa4de73a568
                  • Instruction Fuzzy Hash: D5018871A1020DABDB14DBA9D845FAFB7B8EF45714F40406AFA009B380DA749951C794
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01288A62 Relevance: .0, Instructions: 44COMMON
                  Download Yara Rule
                  C-Code - Quality: 54%
                  			E01288A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x12ad360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E011D7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E011FB640(E011F9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                  0x01288a62
                  0x01288a71
                  0x01288a79
                  0x01288a82
                  0x01288a85
                  0x01288a89
                  0x01288a8c
                  0x01288a8f
                  0x01288a92
                  0x01288a95
                  0x01288a9f
                  0x01288ab1
                  0x01288aa1
                  0x01288aaa
                  0x01288aaa
                  0x01288abc
                  0x01288abd
                  0x01288abf
                  0x01288ac4
                  0x01288ada

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8f81359a7f508323a870b7d340f4e7f60088b17a16d90910932f12a38560145b
                  • Instruction ID: 4b90146c985d43e2a649e6f77c0109b8b6de62ae63b49afa220248a913432359
                  • Opcode Fuzzy Hash: 8f81359a7f508323a870b7d340f4e7f60088b17a16d90910932f12a38560145b
                  • Instruction Fuzzy Hash: 52012C71A1121DAFCB04EFA9D9419AEBBB8EF58314F50405AFA04E7381D734A900CBA4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01288ED6 Relevance: .0, Instructions: 44COMMON
                  Download Yara Rule
                  C-Code - Quality: 54%
                  			E01288ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x12ad360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E011D7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E011FB640(E011F9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                  0x01288ed6
                  0x01288ee5
                  0x01288eed
                  0x01288ef0
                  0x01288efa
                  0x01288f03
                  0x01288f0c
                  0x01288f15
                  0x01288f24
                  0x01288f27
                  0x01288f31
                  0x01288f43
                  0x01288f33
                  0x01288f3c
                  0x01288f3c
                  0x01288f4e
                  0x01288f4f
                  0x01288f51
                  0x01288f56
                  0x01288f69

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a6516bdc5a60ce8f0e780dc58f610c1a0aae3465e52a9c494c0837e30befc7c6
                  • Instruction ID: d63d7e49ba9cfc3bdd7b0ba16617138cf18aead1543b366295a7b854c73aadc4
                  • Opcode Fuzzy Hash: a6516bdc5a60ce8f0e780dc58f610c1a0aae3465e52a9c494c0837e30befc7c6
                  • Instruction Fuzzy Hash: F4111E70A1120A9FDB04EFA9D441BAEBBF4FF18304F4442AAE518EB781E7349940CB90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011BDB60 Relevance: .0, Instructions: 43COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011BDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E011BDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E011BE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L011BE8B0(__ecx, _t14, 0xfff);
							L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                  0x011bdb64
                  0x011bdb66
                  0x011bdb6b
                  0x011bdbaa
                  0x011bdb71
                  0x011bdb76
                  0x011bdb7a
                  0x011bdba3
                  0x011bdb7c
                  0x011bdb87
                  0x011bdb8b
                  0x01214fa1
                  0x01214fb3
                  0x01214fb8
                  0x011bdb91
                  0x011bdb96
                  0x011bdb98
                  0x011bdb98
                  0x011bdb8b
                  0x011bdb7a
                  0x011bdb9d
                  0x011bdba2

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                  • Instruction ID: be934fcbd6caafa01d70108f66f18801b56726d764e6fb2c50dd868926a97ec5
                  • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                  • Instruction Fuzzy Hash: C6F0C8332419239BDB3E6AD999C4BD7B6958F93B68F160035F2059B344CF64880286D6
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011BB1E1 Relevance: .0, Instructions: 42COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011BB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E011D7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E011D7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E01237016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                  0x011bb1e8
                  0x011bb1ea
                  0x011bb1f3
                  0x01214a17
                  0x011bb1f9
                  0x011bb1f9
                  0x011bb1f9
                  0x011bb201
                  0x01214a21
                  0x01214a2e
                  0x00000000
                  0x00000000
                  0x01214a3b
                  0x01214a4d
                  0x01214a3d
                  0x01214a46
                  0x01214a46
                  0x01214a55
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011bb20a
                  0x011bb20a
                  0x011bb20a
                  0x011bb20a

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                  • Instruction ID: 1b8731ad42e81d979267bfb7809e40421f5186e1e6888ca1136dec4ebc288cb1
                  • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                  • Instruction Fuzzy Hash: 8401F9336145C09BD32AE75DC844FA97BD9EF65754F0A00A1FE148B6B5D774E800C319
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0124FE87 Relevance: .0, Instructions: 38COMMON
                  Download Yara Rule
                  C-Code - Quality: 46%
                  			E0124FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x12ad360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E011D7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E011FB640(E011F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                  0x0124fe96
                  0x0124fe9e
                  0x0124fea1
                  0x0124fead
                  0x0124feb3
                  0x0124feb9
                  0x0124fec3
                  0x0124fed5
                  0x0124fec5
                  0x0124fece
                  0x0124fece
                  0x0124fee0
                  0x0124fee1
                  0x0124fee3
                  0x0124fee8
                  0x0124fefb

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 042a8f28a1ca1a642c21ca61a135eeac2231ea7099c0e570f14045333252fe05
                  • Instruction ID: a785b50ec401898ac17fa42f830db5cf13c915f0d267ad4a54696e420386f797
                  • Opcode Fuzzy Hash: 042a8f28a1ca1a642c21ca61a135eeac2231ea7099c0e570f14045333252fe05
                  • Instruction Fuzzy Hash: D8016271A0020DEFCB14DFA8D546A6EB7F4EF04704F504159F504DB382D635E901CB40
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0127131B Relevance: .0, Instructions: 36COMMON
                  Download Yara Rule
                  C-Code - Quality: 48%
                  			E0127131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x12ad360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E011D7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E011FB640(E011F9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                  0x0127131b
                  0x0127132a
                  0x01271330
                  0x01271336
                  0x0127133e
                  0x01271341
                  0x01271344
                  0x0127134f
                  0x01271361
                  0x01271351
                  0x0127135a
                  0x0127135a
                  0x0127136c
                  0x0127136d
                  0x0127136f
                  0x01271374
                  0x01271387

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6358289d3b0201525316be293dc951c7048bbee1a40236223b11e288db2127bc
                  • Instruction ID: 87b5d279248e380e9e27d83d943e54798d4850d8f67a9ad1be30937979a19223
                  • Opcode Fuzzy Hash: 6358289d3b0201525316be293dc951c7048bbee1a40236223b11e288db2127bc
                  • Instruction Fuzzy Hash: AC013C71A0120DAFCB04EFA9D545AAEB7F4FF18704F404059F905EB381E674AA10CB54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01288F6A Relevance: .0, Instructions: 36COMMON
                  Download Yara Rule
                  C-Code - Quality: 48%
                  			E01288F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x12ad360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E011D7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E011FB640(E011F9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                  0x01288f6a
                  0x01288f79
                  0x01288f81
                  0x01288f84
                  0x01288f8b
                  0x01288f91
                  0x01288f94
                  0x01288f9e
                  0x01288fb0
                  0x01288fa0
                  0x01288fa9
                  0x01288fa9
                  0x01288fbb
                  0x01288fbc
                  0x01288fbe
                  0x01288fc3
                  0x01288fd6

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d7ab8262138c6741a190657b1275678bd8b19bcc72bfa516726ee953c6a0090b
                  • Instruction ID: 131d6f03da964baaf4b55d18334ccdbea39e71ece26ee17147229348632ed2a3
                  • Opcode Fuzzy Hash: d7ab8262138c6741a190657b1275678bd8b19bcc72bfa516726ee953c6a0090b
                  • Instruction Fuzzy Hash: 42014F74A0120DAFDB04EFA8D545AAEB7F4EF18304F904059FA05EB380EB74EA00CB94
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01271608 Relevance: .0, Instructions: 34COMMON
                  Download Yara Rule
                  C-Code - Quality: 46%
                  			E01271608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x12ad360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E011D7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E011FB640(E011F9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                  0x01271608
                  0x01271617
                  0x0127161d
                  0x01271625
                  0x01271628
                  0x0127162b
                  0x01271636
                  0x01271648
                  0x01271638
                  0x01271641
                  0x01271641
                  0x01271653
                  0x01271654
                  0x01271656
                  0x0127165b
                  0x0127166e

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5f0fdb56066393319e18a1ef8aa720addd9ab233d9bfb3844077e69f81eeb429
                  • Instruction ID: 01dd9494afed42aba0940f2295dd34287c19e1fe34c0d47951f26c0156bdef24
                  • Opcode Fuzzy Hash: 5f0fdb56066393319e18a1ef8aa720addd9ab233d9bfb3844077e69f81eeb429
                  • Instruction Fuzzy Hash: A4F04F71A14249EFDB14EFA9D406A6FB7B4AF14304F444059AA05EB281E6349A10CB54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011DC577 Relevance: .0, Instructions: 33COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011DC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E011DC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x11911cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E012888F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                  0x011dc577
                  0x011dc57d
                  0x011dc581
                  0x011dc5b5
                  0x011dc5b9
                  0x011dc5ce
                  0x011dc5ce
                  0x011dc5ca
                  0x00000000
                  0x011dc5ca
                  0x011dc5c4
                  0x011dc5c8
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011dc5ad
                  0x00000000
                  0x011dc5af

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bd37312e36703f62b4e2c8864e3f24160f688be06c9d9cec718e17363f65a4e6
                  • Instruction ID: 05913e8897ddceb5243a3999689c5d1c17a191c910104738976bccecf6003702
                  • Opcode Fuzzy Hash: bd37312e36703f62b4e2c8864e3f24160f688be06c9d9cec718e17363f65a4e6
                  • Instruction Fuzzy Hash: E6F0FAB2B212909EE73E832CC104B227FE99B14230FC58D6ED41683202C3A0C880CAC1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01288D34 Relevance: .0, Instructions: 32COMMON
                  Download Yara Rule
                  C-Code - Quality: 43%
                  			E01288D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x12ad360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E011D7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E011FB640(E011F9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                  0x01288d34
                  0x01288d43
                  0x01288d4b
                  0x01288d4e
                  0x01288d52
                  0x01288d5c
                  0x01288d6e
                  0x01288d5e
                  0x01288d67
                  0x01288d67
                  0x01288d79
                  0x01288d7a
                  0x01288d7c
                  0x01288d81
                  0x01288d94

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 425fdb1651e8af7696825c202c6fe75c85cd0ca5314612a90d05dcba9613e2c9
                  • Instruction ID: 074300d1e9d21e143c64d2611d44c8e89fa2cb8fa241c179e261df5f658d956b
                  • Opcode Fuzzy Hash: 425fdb1651e8af7696825c202c6fe75c85cd0ca5314612a90d05dcba9613e2c9
                  • Instruction Fuzzy Hash: 71F0B470A1460D9FDB18FFB8D445B6E77B4EF14304F508099EA05EB281DA34D900CB54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01272073 Relevance: .0, Instructions: 32COMMON
                  Download Yara Rule
                  C-Code - Quality: 94%
                  			E01272073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0126FD22(__ecx);
				_t19 =  *0x12a849c - _t3; // 0x6744370a
				if(_t19 == 0) {
					__eflags = _t17 -  *0x12a8748; // 0x0
					if(__eflags <= 0) {
						E01271C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x12a8724 & 0x00000004;
							if(( *0x12a8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x12a8724; // 0x0
					return E01268DF1(__ebx, 0xc0000374, 0x12a5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                  0x01272076
                  0x01272078
                  0x0127207d
                  0x01272083
                  0x012720a4
                  0x012720aa
                  0x012720ac
                  0x012720b7
                  0x012720ba
                  0x012720bc
                  0x012720c9
                  0x012720c9
                  0x012720d0
                  0x012720d2
                  0x00000000
                  0x012720d2
                  0x012720be
                  0x012720c3
                  0x012720c5
                  0x012720c7
                  0x00000000
                  0x00000000
                  0x012720c7
                  0x012720bc
                  0x012720d4
                  0x01272085
                  0x01272085
                  0x012720a3
                  0x012720a3

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 74cbe2b466d9910fd0a51f8968a3dad02bb704dcc361521f0ddfe4222ef7c701
                  • Instruction ID: 3ce0bd59e91a306560faae7535b42e2d05d6788956430cbe830ccf9fce2180bf
                  • Opcode Fuzzy Hash: 74cbe2b466d9910fd0a51f8968a3dad02bb704dcc361521f0ddfe4222ef7c701
                  • Instruction Fuzzy Hash: FAF0552A836196CBDF376B3D39083E37F96EB75110F890085D6A017209C43588D3CB31
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F927A Relevance: .0, Instructions: 32COMMON
                  Download Yara Rule
                  C-Code - Quality: 54%
                  			E011F927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L011D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E011FFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E011F92C6(_t11, _t14);
				}
				return _t11;
			}





                  0x011f9295
                  0x011f9299
                  0x011f929f
                  0x011f92aa
                  0x011f92ad
                  0x011f92ae
                  0x011f92af
                  0x011f92b0
                  0x011f92b4
                  0x011f92bb
                  0x011f92bb
                  0x011f92c5

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                  • Instruction ID: c2b9147b3038503babec397467530b7a1fabfb7a80dfb8b999ae7c20ac8e03ba
                  • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                  • Instruction Fuzzy Hash: 6EE0ED32240A416BE725AF4ACCC0B0336A9AF92728F00407CBA001E282CBE6D80987A0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011D746D Relevance: .0, Instructions: 31COMMON
                  Download Yara Rule
                  C-Code - Quality: 88%
                  			E011D746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E011CEB70(__ecx, 0x12a79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E011F95D0();
							L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                  0x011d746d
                  0x011d746d
                  0x011d746d
                  0x011d7471
                  0x011d7488
                  0x0121f92d
                  0x011d748e
                  0x011d7491
                  0x011d7495
                  0x0121f937
                  0x0121f93a
                  0x0121f94e
                  0x0121f953
                  0x0121f956
                  0x0121f956
                  0x011d7495
                  0x00000000
                  0x011d7488
                  0x011d7473
                  0x011d7478
                  0x011d747d
                  0x011d7481
                  0x00000000
                  0x011d7481
                  0x011d747d
                  0x011d747a
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 479af08f4bc282b58aa7b8002bfb269ec5eaa7dc750515f333a0de8e7157622a
                  • Instruction ID: 9497166f1258abaf5718ef20fe069a0e019c9ef622f15f90afc8da9e2095e0cf
                  • Opcode Fuzzy Hash: 479af08f4bc282b58aa7b8002bfb269ec5eaa7dc750515f333a0de8e7157622a
                  • Instruction Fuzzy Hash: ADF05230911146AACF0FEB7CC850B7AFFB2AF1031CF55021AE961AB0E1E7248801CBC6
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01288CD6 Relevance: .0, Instructions: 31COMMON
                  Download Yara Rule
                  C-Code - Quality: 36%
                  			E01288CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x12ad360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E011D7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E011FB640(E011F9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                  0x01288ce5
                  0x01288ced
                  0x01288cf0
                  0x01288cfb
                  0x01288d0d
                  0x01288cfd
                  0x01288d06
                  0x01288d06
                  0x01288d18
                  0x01288d19
                  0x01288d1b
                  0x01288d20
                  0x01288d33

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 22f45e99928b84185fbc1b54804873df988f379ac71ef1cfef94d0a4597a6573
                  • Instruction ID: 3dcd7d9c56a954caa6b9767f261b1f9b8ddb3242e44ab874ca3e29df18d28b83
                  • Opcode Fuzzy Hash: 22f45e99928b84185fbc1b54804873df988f379ac71ef1cfef94d0a4597a6573
                  • Instruction Fuzzy Hash: F4F08270A1560DABDB04EFB9E946E6E77B4EF19204F500199FA15EB2C1EA34D900CB54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011B4F2E Relevance: .0, Instructions: 31COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011B4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E012888F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E011DC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1191030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                  0x011b4f2e
                  0x011b4f34
                  0x011b4f38
                  0x01210b85
                  0x01210b85
                  0x01210b89
                  0x01210b9a
                  0x01210b9a
                  0x01210b9f
                  0x00000000
                  0x01210b9f
                  0x01210b94
                  0x01210b98
                  0x00000000
                  0x00000000
                  0x00000000
                  0x01210b98
                  0x011b4f3e
                  0x011b4f48
                  0x00000000
                  0x011b4f6e
                  0x00000000
                  0x011b4f70

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6373e22c0917726dea00ae4f9f1a789e58c9c6ab3d01b5c31398a0595f9904cf
                  • Instruction ID: 5030a63e3cb3b6a6a988989632f068d4435daccb27b93267e80488f8adbff2ed
                  • Opcode Fuzzy Hash: 6373e22c0917726dea00ae4f9f1a789e58c9c6ab3d01b5c31398a0595f9904cf
                  • Instruction Fuzzy Hash: 8DF0E2729326869FD772DF1CC184B22B7D4BB20778F454476E6068792AE724EDC0C688
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 01288B58 Relevance: .0, Instructions: 31COMMON
                  Download Yara Rule
                  C-Code - Quality: 36%
                  			E01288B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x12ad360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E011D7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E011FB640(E011F9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                  0x01288b67
                  0x01288b6f
                  0x01288b72
                  0x01288b7d
                  0x01288b8f
                  0x01288b7f
                  0x01288b88
                  0x01288b88
                  0x01288b9a
                  0x01288b9b
                  0x01288b9d
                  0x01288ba2
                  0x01288bb5

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6ccbfb55199e3516c2f2ea98b6f6cd229dc3f39503e19e1530754796f92e81b5
                  • Instruction ID: 711bb13ee1e083a523a6c2fe4eb5678145acc216dc4278b82215af076b627612
                  • Opcode Fuzzy Hash: 6ccbfb55199e3516c2f2ea98b6f6cd229dc3f39503e19e1530754796f92e81b5
                  • Instruction Fuzzy Hash: 09F05EB0A15259ABDB14EBA8D906A6E77A4AF44304F440459BA05DB2C0FB74D900C798
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011EA44B Relevance: .0, Instructions: 29COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011EA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x12a7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L011D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E011FFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                  0x011ea44b
                  0x011ea453
                  0x011ea472
                  0x011ea476
                  0x00000000
                  0x011ea493
                  0x011ea47a
                  0x011ea47f
                  0x011ea486
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 090ef3f2dd52ba6a305cae2bd3d36b1be1c5e653dc5d41f831c24fc9aea15dd8
                  • Instruction ID: 32d628d9f576d781f18f89a0a5c63d5f92f718fdf355bb5a7316abf1e9015cde
                  • Opcode Fuzzy Hash: 090ef3f2dd52ba6a305cae2bd3d36b1be1c5e653dc5d41f831c24fc9aea15dd8
                  • Instruction Fuzzy Hash: 39E092B3A01822ABD2265B58BC44F66739DDFE4655F0E4439E605C7214D768DD12C7E0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011BF358 Relevance: .0, Instructions: 28COMMON
                  Download Yara Rule
                  C-Code - Quality: 79%
                  			E011BF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E011EF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L011D4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                  0x011bf35d
                  0x011bf361
                  0x011bf367
                  0x011bf372
                  0x011bf38c
                  0x011bf38c
                  0x011bf394

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                  • Instruction ID: eedbf88fd70eadd0f1f82e2a9d8e932311b392de5e0dfb4ff3aad8395238a647
                  • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                  • Instruction Fuzzy Hash: EAE0DF32A41119FBDB25AAD99E45FAABFACDB58A60F000195FA08D75A0D6719E00C3D0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011CFF60 Relevance: .0, Instructions: 22COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011CFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x11911a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E012888F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E011D0050(_t14);
				}
			}










                  0x011cff66
                  0x011cff6b
                  0x00000000
                  0x011cff8f
                  0x00000000
                  0x011cff8f

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 68353948a08466d22fda88bbc9eb25ef0d834e625a9b2a6bc1cacaac6d1a7854
                  • Instruction ID: c85b9a4e369c99c2fea44947dd8289afeaa230995344ec45ab8d1d593f877226
                  • Opcode Fuzzy Hash: 68353948a08466d22fda88bbc9eb25ef0d834e625a9b2a6bc1cacaac6d1a7854
                  • Instruction Fuzzy Hash: CBE0D8B2105287AFD73DD759D140F253799DB61A21F19801DE00847502C721D982C287
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 012441E8 Relevance: .0, Instructions: 21COMMON
                  Download Yara Rule
                  C-Code - Quality: 82%
                  			E012441E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x12908f0);
				_t5 = E0120D08C(__ebx, __edi, __esi);
				if( *0x12a87ec == 0) {
					E011CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x12a87ec == 0) {
						 *0x12a87f0 = 0x12a87ec;
						 *0x12a87ec = 0x12a87ec;
						 *0x12a87e8 = 0x12a87e4;
						 *0x12a87e4 = 0x12a87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L01244248();
				}
				return E0120D0D1(_t5);
			}





                  0x012441e8
                  0x012441ea
                  0x012441ef
                  0x012441fb
                  0x01244206
                  0x0124420b
                  0x01244216
                  0x0124421d
                  0x01244222
                  0x0124422c
                  0x01244231
                  0x01244231
                  0x01244236
                  0x0124423d
                  0x0124423d
                  0x01244247

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a370b3922fe619329cb22a00b2f79393ba09e503784a1263856dc903885099ed
                  • Instruction ID: 5e1a80861223286ae6d3a0825839ea47e537ae803ce250e85e0fac048b921e59
                  • Opcode Fuzzy Hash: a370b3922fe619329cb22a00b2f79393ba09e503784a1263856dc903885099ed
                  • Instruction Fuzzy Hash: 73F0397E971745CFCBB9EFA9E9087283EB4F754312F80412AD1048B289C77445A0CF01
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0126D380 Relevance: .0, Instructions: 21COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E0126D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L011BE8B0(__ecx, _a4, 0xfff);
					L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                  0x0126d38a
                  0x0126d39b
                  0x0126d3b1
                  0x00000000
                  0x0126d3b6
                  0x00000000

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                  • Instruction ID: 5823253bebc690ad6b977cd963f9adf815bfd356e8a4da711156c887b70edb48
                  • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                  • Instruction Fuzzy Hash: A0E0C23238160EBBDB226F84CC00FA9BB1ADB607A4F104031FE489A6D0C6719CA1DAC4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011EA185 Relevance: .0, Instructions: 20COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011EA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x12a67e4 >= 0xa) {
					if(_t5 < 0x12a6800 || _t5 >= 0x12a6900) {
						return L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E011D0010(0x12a67e0, _t5);
				}
			}





                  0x011ea190
                  0x011ea1a6
                  0x011ea1c2
                  0x00000000
                  0x00000000
                  0x00000000
                  0x011ea192
                  0x011ea192
                  0x011ea19f
                  0x011ea19f

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 67d89467ec74d146d1ffa66d9235028f0e0a4e73dfc3f6ecce46899e0029eb81
                  • Instruction ID: f7ea67db0ca6ce1a7fc1a1889261d0b9bdfe24acbf87b3b4d71bf71d7efe3cc7
                  • Opcode Fuzzy Hash: 67d89467ec74d146d1ffa66d9235028f0e0a4e73dfc3f6ecce46899e0029eb81
                  • Instruction Fuzzy Hash: 5CD02E621308006BC62D2380AC3CB253A92FB847A4FBE480CF2034F9E0EB60C8D48209
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E16E0 Relevance: .0, Instructions: 17COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011E16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E011E1710(0x12a67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L011D4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                  0x011e16e8
                  0x011e16ef
                  0x011e16f3
                  0x011e16fe
                  0x00000000
                  0x011e1700
                  0x011e170d
                  0x011e170d
                  0x011e16f2
                  0x011e16f2
                  0x011e16f2
                  0x011e16f2

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ebce553478721476df831e2b9ad5968271e2b99433b1553229f973f59ab81253
                  • Instruction ID: 8bba34f6544d7e134d7c65664fbb19263be8fd614cde044174b86e3890ac5018
                  • Opcode Fuzzy Hash: ebce553478721476df831e2b9ad5968271e2b99433b1553229f973f59ab81253
                  • Instruction Fuzzy Hash: 3BD0A731250901B2EA2D5F549C48B1426D2EB98B85F78005CF207498D0CFF0CCD2E848
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 012353CA Relevance: .0, Instructions: 16COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E012353CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E011CEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                  0x012353ca
                  0x012353ce
                  0x012353d9
                  0x012353de
                  0x012353e1
                  0x012353e1
                  0x012353e6
                  0x012353f3
                  0x00000000
                  0x012353f8
                  0x012353fb

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                  • Instruction ID: 470662b179b789d28f91fa3b3fc2d5851c29fc7ab6ea903a4e3609dfd3476826
                  • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                  • Instruction Fuzzy Hash: E4E08C729507819BCF16DB48C650F5EBBF5FB84B00F190408A1085B660C734AC00CB00
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E35A1 Relevance: .0, Instructions: 12COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011E35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E011CEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                  0x011e35a1
                  0x011e35a1
                  0x011e35a5
                  0x011e35ab
                  0x011e35ab
                  0x011e35b5
                  0x00000000
                  0x011e35c1
                  0x011e35b7

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                  • Instruction ID: c04d8ac9d45b2652ec986307f91fd5511e1460b55f922b2b00ae90d1866b402a
                  • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                  • Instruction Fuzzy Hash: 3AD0A9314629819AEB0EAB94C21C7783BF2BF00308F582069801307A52C33A4A0ACE01
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011CAAB0 Relevance: .0, Instructions: 12COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011CAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                  0x011caab6
                  0x011caabb
                  0x0121a442
                  0x00000000
                  0x0121a448
                  0x0121a454
                  0x0121a454
                  0x011caac1
                  0x011caac1
                  0x011caac6
                  0x011caac6

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                  • Instruction ID: 6565e7d5dc1bd6594d5a724ff5ed32a3ae81adab1673e20862e8f831cb840eb8
                  • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                  • Instruction Fuzzy Hash: 93D0C935352980CFD61BCB0CC554B0633A4FF04B44FC50490E500CB722E72CD940CA00
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0123A537 Relevance: .0, Instructions: 11COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E0123A537(intOrPtr _a4, intOrPtr _a8) {

				return L011D8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                  0x0123a553

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                  • Instruction ID: 4c3eda3b8157ca5d0da8fb9e418998bfd3c5e3a455c6b9d833b912344563d86b
                  • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                  • Instruction Fuzzy Hash: A9C08C33080248BBCB126F81CC00F467F2AFBA4B60F008010FA080B570C632E970EB84
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011BDB40 Relevance: .0, Instructions: 11COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011BDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L011D4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                  0x011bdb4d
                  0x011bdb54
                  0x011bdb5f
                  0x011bdb56
                  0x011bdb56
                  0x011bdb5c
                  0x011bdb5c

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                  • Instruction ID: 2e3fea06df5885a039e224b18c12f90bc803a81fa84358cc421993a26a04bddf
                  • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                  • Instruction Fuzzy Hash: DEC08C30280A01AAEB2A1F20CE81B403AA0BB11B09F8400A0A301DA8F0DB78D801E600
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011BAD30 Relevance: .0, Instructions: 10COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011BAD30(intOrPtr _a4) {

				return L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                  0x011bad49

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                  • Instruction ID: 1ffd548789d86df60006a1b9453360901983dd2a5d51ac0f56263052b3e7cae2
                  • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                  • Instruction Fuzzy Hash: CCC02B330C0648BBC7126F45CD00F01BF2DE7A0B60F010020F6040B6B1CA32EC60D588
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011D3A1C Relevance: .0, Instructions: 10COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011D3A1C(intOrPtr _a4) {
				void* _t5;

				return L011D4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                  0x011d3a35

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                  • Instruction ID: 18fdd8e8c90108538a968798adbe5b7979e37f22efa5a62f3adca7eebcb61633
                  • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                  • Instruction Fuzzy Hash: C2C08C32080248BBC7126E41DC40F017B29E7A0B60F000020B6040A9608632EC60D588
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E36CC Relevance: .0, Instructions: 10COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011E36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L011D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                  0x011e36d2
                  0x011e36e8
                  0x011e36d4
                  0x011e36e5
                  0x011e36e5

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                  • Instruction ID: 74cf6cc04fb4aa220dfe420afe2714f8590c858fb5f20a889f58e2a107b76a20
                  • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                  • Instruction Fuzzy Hash: 2CC02B70160840FBD71D1F30CD80F147294F700A21F640354723146CF0D7389D00D500
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011C76E2 Relevance: .0, Instructions: 10COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011C76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L011D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                  0x011c76e4
                  0x00000000
                  0x011c76f8
                  0x011c76fd

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                  • Instruction ID: 763d3f9bd97421dbc83defafae399cfc63c7d9e1cf5d0f5170317aa7d0b56a7c
                  • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                  • Instruction Fuzzy Hash: 03C08C711415805AFB2E570CCE26B283A50AB28B0CFC8019CEA01094E2C3A8A802CA08
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011D7D50 Relevance: .0, Instructions: 7COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011D7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                  0x011d7d56
                  0x011d7d5b
                  0x011d7d60
                  0x011d7d5d
                  0x011d7d5d
                  0x011d7d5d

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                  • Instruction ID: 0910bddeac083dd1cc3d141e8f8f760dbe6d5aa4d137c1866716143a982fb76d
                  • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                  • Instruction Fuzzy Hash: 5AB092353019408FCE1ADF18C080B1933E4BB45A44B8400D4E400CBA21D329E8008900
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E2ACB Relevance: .0, Instructions: 5COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E011E2ACB() {
				void* _t5;

				return E011CEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                  0x011e2adc

                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                  • Instruction ID: 6df0640e60757bd2e5102f6e75000f8307e079b4396155ee2cd1ac5d08d5d9a9
                  • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                  • Instruction Fuzzy Hash: 89B01232C51441CFCF06EF40C610B297731FB10B50F094494900127930C328AC01CB50
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011FAD30 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 77a012dd2ad8f8688f24ad72f0040aae5adff9cd70f5c12bd321d78f1655e316
                  • Instruction ID: e26a3d6c434def3d72fa013602d43dc83a5cf5dbfebb48ee2883d7b349494682
                  • Opcode Fuzzy Hash: 77a012dd2ad8f8688f24ad72f0040aae5adff9cd70f5c12bd321d78f1655e316
                  • Instruction Fuzzy Hash: ED900271A1600412924171E948146464006B7E0781B55C111A0504558DC9D48A5563E1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 99c2322033a6714a1cc70ddda50f3e9591313bcdee944bad6cbf311b33e137b8
                  • Instruction ID: 75b409d44ea933926d0ffcd97109725b1c852cf1694dbeab294712793beb37e5
                  • Opcode Fuzzy Hash: 99c2322033a6714a1cc70ddda50f3e9591313bcdee944bad6cbf311b33e137b8
                  • Instruction Fuzzy Hash: 199002E1212144924601A2E98404B0A4505A7E0241B51C116E1044564DC5A58851A275
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9950 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c010639965ba89ccf4d6ab859b485e883e67d0cf255c642d03e98bfc15762d67
                  • Instruction ID: a91d85b677013b937a1c1e9b3230402a7f133f8a735dab4a7e95c0481544b102
                  • Opcode Fuzzy Hash: c010639965ba89ccf4d6ab859b485e883e67d0cf255c642d03e98bfc15762d67
                  • Instruction Fuzzy Hash: 4F9002A121240803D24165E948046070005A7D0342F51C111A2054559FCAA98C517275
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9540 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 771952c1bbc65a9a8e0d60a20799925ac41499e827fca1648e34cb216b358713
                  • Instruction ID: 6c707740720beebb3452197c62ab293f97e89b41db34ecf80c00d00dd7a9b474
                  • Opcode Fuzzy Hash: 771952c1bbc65a9a8e0d60a20799925ac41499e827fca1648e34cb216b358713
                  • Instruction Fuzzy Hash: 95900265222004030206A5E907045070046A7D5391351C121F1005554DD6A188616261
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9560 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 21585a85154d1db2a8f700762908c0f0e7cef82e5c3b5f54c3c24ebf9fdc5b48
                  • Instruction ID: fc94c86833266e8550b94c15e619f9d655619dd2baa7b178d15e7f6c87deefb0
                  • Opcode Fuzzy Hash: 21585a85154d1db2a8f700762908c0f0e7cef82e5c3b5f54c3c24ebf9fdc5b48
                  • Instruction Fuzzy Hash: 1C900265232004020246A5E9060450B0445B7D6391391C115F1406594DC6A188656361
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F99D0 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cbd0b199dc4752aad507adba28717defde3d5b0a2292a461c00063e5c397eb74
                  • Instruction ID: 1f244f2bb79157389f7c4f8214ec0ab0d70089671650e34ad20684a47c0970f6
                  • Opcode Fuzzy Hash: cbd0b199dc4752aad507adba28717defde3d5b0a2292a461c00063e5c397eb74
                  • Instruction Fuzzy Hash: B79002A122200442D20561E944047060045A7E1241F51C112A2144558DC5A98C616265
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F95F0 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b8bb7899b1f3957edb9746da72ac2cc11f8f9f0c62f4a4dce94ed9956448b633
                  • Instruction ID: 0e5ec52bfd1af58c88e4bedfda97d5994d7de12a745393baa9f0942e79a36e36
                  • Opcode Fuzzy Hash: b8bb7899b1f3957edb9746da72ac2cc11f8f9f0c62f4a4dce94ed9956448b633
                  • Instruction Fuzzy Hash: 7C90027121200C02D20561E948046860005A7D0341F51C111A6014659FD6E588917271
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9820 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c4d6dd0bedd169ffc34b6d1f41d8785027b37c8e372c5196b1f33bbc619aa6b6
                  • Instruction ID: 34b66a795b109f6b7d0b31fc3c810d68f5eeba0c61a8b61b39b2ce6ee0d9c7dc
                  • Opcode Fuzzy Hash: c4d6dd0bedd169ffc34b6d1f41d8785027b37c8e372c5196b1f33bbc619aa6b6
                  • Instruction Fuzzy Hash: 7190027125200802D24271E944046060009B7D0281F91C112A0414558FC6D58A56BBA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011FB040 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bf845008721411ee8362f6c8983cf65b04231720ff784ae9aed3168d7b607a04
                  • Instruction ID: d3c43a3442814b46b9da8ad3840b74955ffc7d6519ccc393e76b5e6e81133f35
                  • Opcode Fuzzy Hash: bf845008721411ee8362f6c8983cf65b04231720ff784ae9aed3168d7b607a04
                  • Instruction Fuzzy Hash: 9B9002A1612144434641B1E948044065015B7E1341391C221A0444564DC6E88855A3A5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F98A0 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 637d10860ce7af8baf5b5d511f16d6bd76060c9ee7e534ae4264bfb828075b89
                  • Instruction ID: 7619089af34b3d48731371423a0415100e1e035145185f57ee34d66d90329b08
                  • Opcode Fuzzy Hash: 637d10860ce7af8baf5b5d511f16d6bd76060c9ee7e534ae4264bfb828075b89
                  • Instruction Fuzzy Hash: 9390026131200802D20361E944146060009E7D1385F91C112E1414559EC6A58953B272
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011FA710 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 60e4d7c98b00514123eeea6dcca086dcbfe8a6efd4275dd30eb7b4a89e9ef180
                  • Instruction ID: e73ba4646342da9288615c6c01cce6c9fd33d279f703c954eefd6b24965eba11
                  • Opcode Fuzzy Hash: 60e4d7c98b00514123eeea6dcca086dcbfe8a6efd4275dd30eb7b4a89e9ef180
                  • Instruction Fuzzy Hash: 31900271312004529601A6E95804A4A4105A7F0341B51D115A4004558DC5D488616261
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9B00 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: af549c6ada4b79bd9edbdbb40e600bb83fcf4cf52a041c3657ab0e784e42dfc4
                  • Instruction ID: d1ccbb055ede2d6dbffa9f2b868c128a1b6ec805f8b322dbf8a253e20512d4f3
                  • Opcode Fuzzy Hash: af549c6ada4b79bd9edbdbb40e600bb83fcf4cf52a041c3657ab0e784e42dfc4
                  • Instruction Fuzzy Hash: E790026125200C02D24171E984147070006E7D0641F51C111A0014558EC696896577F1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9730 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6148f4ee165c11c5f64b628288d27b62730991ecfc62896ccf0907a55248ea5b
                  • Instruction ID: e036a28e92121ace590c544b298a0183c86d6f2bd6fee139d475fc141f2d54ac
                  • Opcode Fuzzy Hash: 6148f4ee165c11c5f64b628288d27b62730991ecfc62896ccf0907a55248ea5b
                  • Instruction Fuzzy Hash: 2390026161600802D24171E954187060015A7D0241F51D111A0014558EC6D98A5577E1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9770 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b2a02eb37246a036df6b34551f14a528471eadf038cc5c2d8b5ad259c3f97c45
                  • Instruction ID: 2e249176d5fcae4b5c37865aa2c3b44150b7a8e156601d53b013ccb50e4cb3dc
                  • Opcode Fuzzy Hash: b2a02eb37246a036df6b34551f14a528471eadf038cc5c2d8b5ad259c3f97c45
                  • Instruction Fuzzy Hash: 3B90026121604842D20165E95408A060005A7D0245F51D111A1054599EC6B58851B271
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011FA770 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cad660e6209fe0b1473945074c8fb440fd01ce7809275fda73210e04ec2a5c5f
                  • Instruction ID: ce2c0d800d732885075f2655243025443ba17c8763f6b45b71a614eabbf361ae
                  • Opcode Fuzzy Hash: cad660e6209fe0b1473945074c8fb440fd01ce7809275fda73210e04ec2a5c5f
                  • Instruction Fuzzy Hash: 4B90027521604842D60165E95804A870005A7D0345F51D511A041459CEC6D48861B261
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9760 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c9d1ac3195ebeca4e1d7846047d58a12766e35c6fe24cc36efa7cb691ba0b770
                  • Instruction ID: bb119c6366b7c21a984f833b8cc86c50289e6fcb660737fcec8001a41a74071f
                  • Opcode Fuzzy Hash: c9d1ac3195ebeca4e1d7846047d58a12766e35c6fe24cc36efa7cb691ba0b770
                  • Instruction Fuzzy Hash: 8E90027121200803D20161E955087070005A7D0241F51D511A041455CED6D688517261
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011FA3B0 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 41fe11fe97159c9e28c5ed2226bbe5efb7a301e9fa37b1179d8108ac857701ec
                  • Instruction ID: dd6e3d2fd97e50e36d0f6735de5afc2b30514758e74aadf05ee5af0723e7a12c
                  • Opcode Fuzzy Hash: 41fe11fe97159c9e28c5ed2226bbe5efb7a301e9fa37b1179d8108ac857701ec
                  • Instruction Fuzzy Hash: E290027121244402D24171E9844460B5005B7E0341F51C511E0415558DC6958856A361
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F97A0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5c1b711526405917ab61ae3fab3a6f7954d06a3646e020f202e84ae017b3cdca
                  • Instruction ID: 348d6ad9992facb9bdbb669b743f244a401d16a002ab4c86aab3b3c53e784447
                  • Opcode Fuzzy Hash: 5c1b711526405917ab61ae3fab3a6f7954d06a3646e020f202e84ae017b3cdca
                  • Instruction Fuzzy Hash: 7390026131200403D24171E954186064005F7E1341F51D111E0404558DD99588566362
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9FE0 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 50e28ad5a8ae7d86e6744eb5e14e45b32e083631a2a82a36ab88a4c521533ca9
                  • Instruction ID: b771df5ac57e08505374339fa49ecec2aaa29b5730467a727480086cd1c3db04
                  • Opcode Fuzzy Hash: 50e28ad5a8ae7d86e6744eb5e14e45b32e083631a2a82a36ab88a4c521533ca9
                  • Instruction Fuzzy Hash: 5A90027132214802D21161E984047060005A7D1241F51C511A081455CEC6D588917262
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9610 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8f95e5b1cdf135d4c9328e7b9108a98da63e6dae488a9a51f709e5048fcfd5ee
                  • Instruction ID: fc53e0fc4c0a99db4d717d17efb2ea66c962fa9276c0ce56d89154c68aed139b
                  • Opcode Fuzzy Hash: 8f95e5b1cdf135d4c9328e7b9108a98da63e6dae488a9a51f709e5048fcfd5ee
                  • Instruction Fuzzy Hash: 4490027161600C02D25171E944147460005A7D0341F51C111A0014658EC7D58A5577E1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9A10 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 17228241ace65138f1a6f741fb12fa074077a823640cdf7e3e3aa3dee60b1a95
                  • Instruction ID: 2118dd5958b793406f974cd80ddce9d3b5e9f72c834d94282b53abbf469a35e7
                  • Opcode Fuzzy Hash: 17228241ace65138f1a6f741fb12fa074077a823640cdf7e3e3aa3dee60b1a95
                  • Instruction Fuzzy Hash: 5790027121240802D20161E948087470005A7D0342F51C111A5154559FC6E5C8917671
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9A20 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4136143671708393429bfb943fbbf13a0d9d7d1c842e1dc4f649221d5eac475a
                  • Instruction ID: 8aa91584aba53603c092010b49048c39b076bac403e524e4595f8a1e782a0b31
                  • Opcode Fuzzy Hash: 4136143671708393429bfb943fbbf13a0d9d7d1c842e1dc4f649221d5eac475a
                  • Instruction Fuzzy Hash: 0590026161200442424171F988449064005BBE1251751C221A0988554EC5D9886567A5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9650 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 722668a59f5b7a43694b184351e9b081b05b12776deea6c4e502bfe8aeb184d2
                  • Instruction ID: 093694d2740061feb89a69decd43a083d90e2cceab536dbd6fbd435be700f184
                  • Opcode Fuzzy Hash: 722668a59f5b7a43694b184351e9b081b05b12776deea6c4e502bfe8aeb184d2
                  • Instruction Fuzzy Hash: 1690027121604C42D24171E94404A460015A7D0345F51C111A0054698ED6A58D55B7A1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9A80 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: de2e2cd00e7f78a8a70e8cacdc408440bc4d753cc463e4e7bd98b01547d432e8
                  • Instruction ID: 6ec8c351679e43acc52e9025977f4b1baad11551470f72f086c5823e525c2c8c
                  • Opcode Fuzzy Hash: de2e2cd00e7f78a8a70e8cacdc408440bc4d753cc463e4e7bd98b01547d432e8
                  • Instruction Fuzzy Hash: 2990026121244842D24162E94804B0F4105A7E1242F91C119A4146558DC99588556761
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F96D0 Relevance: .0, Instructions: 4COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: dce8a303657d72a819cfe031c8ead40250cb629a5b53d879213a31be018fb729
                  • Instruction ID: 83506dccf0df5d5a3ef652091e95a80fbb56cae3b081bef9c1e765cf439c3865
                  • Opcode Fuzzy Hash: dce8a303657d72a819cfe031c8ead40250cb629a5b53d879213a31be018fb729
                  • Instruction Fuzzy Hash: 3490027121200C42D20161E94404B460005A7E0341F51C116A0114658EC695C8517661
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011F9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                  • Instruction ID: 21dd757bfc7974d86c490018f33deb06f16bf7284309ef2c1ec8343648a45764
                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                  • Instruction Fuzzy Hash:
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 011E645B Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109timeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 26%
                  			E011E645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v36;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr* _t52;
				char _t56;
				void* _t69;
				char _t72;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t82;
				void* _t84;
				intOrPtr _t86;
				void* _t88;
				signed int _t90;
				signed int _t92;
				signed int _t93;

				_t80 = __edx;
				_t92 = (_t90 & 0xfffffff8) - 0x4c;
				_v8 =  *0x12ad360 ^ _t92;
				_t72 = 0;
				_v72 = __edx;
				_t82 = __ecx;
				_t86 =  *((intOrPtr*)(__edx + 0xc8));
				_v68 = _t86;
				E011FFA60( &_v60, 0, 0x30);
				_t48 =  *((intOrPtr*)(_t82 + 0x70));
				_t93 = _t92 + 0xc;
				_v76 = _t48;
				_t49 = _t48;
				if(_t49 == 0) {
					_push(5);
					 *((char*)(_t82 + 0x6a)) = 0;
					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
					goto L3;
				} else {
					_t69 = _t49 - 1;
					if(_t69 != 0) {
						if(_t69 == 1) {
							_push(0xa);
							goto L3;
						} else {
							_t56 = 0;
						}
					} else {
						_push(4);
						L3:
						_pop(_t50);
						_v80 = _t50;
						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
							E011D2280(_t50, _t86 + 0x1c);
							_t79 = _v72;
							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
							E011CFFB0(_t72, _t82, _t86 + 0x1c);
						}
						_t75 = _v80;
						_t52 =  *((intOrPtr*)(_v72 + 0x20));
						_t80 =  *_t52;
						_v72 =  *((intOrPtr*)(_t52 + 4));
						_v52 =  *((intOrPtr*)(_t82 + 0x68));
						_v60 = 0x30;
						_v56 = _t75;
						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
						asm("movsd");
						_v76 = _t80;
						_v64 = 0x30;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						if(_t80 != 0) {
							 *0x12ab1e0(_t75, _v72,  &_v64,  &_v60);
							_t72 = _v76();
						}
						_t56 = _t72;
					}
				}
				_pop(_t84);
				_pop(_t88);
				_pop(_t73);
				return E011FB640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
			}


































                  0x011e645b
                  0x011e6463
                  0x011e646d
                  0x011e6475
                  0x011e647a
                  0x011e647e
                  0x011e6480
                  0x011e648c
                  0x011e6490
                  0x011e6495
                  0x011e6498
                  0x011e649b
                  0x011e649f
                  0x011e64a1
                  0x01227c07
                  0x01227c09
                  0x01227c0c
                  0x00000000
                  0x011e64a7
                  0x011e64a7
                  0x011e64aa
                  0x01227bf7
                  0x01227c00
                  0x00000000
                  0x01227bf9
                  0x01227bf9
                  0x01227bf9
                  0x011e64b0
                  0x011e64b0
                  0x011e64b2
                  0x011e64b2
                  0x011e64b3
                  0x011e64ba
                  0x011e6553
                  0x011e655e
                  0x011e6566
                  0x011e656c
                  0x011e6575
                  0x011e657f
                  0x011e6585
                  0x011e6588
                  0x011e6588
                  0x011e64c7
                  0x011e64cb
                  0x011e64ce
                  0x011e64d3
                  0x011e64da
                  0x011e64e5
                  0x011e64ed
                  0x011e64f1
                  0x011e64f5
                  0x011e64f6
                  0x011e64fa
                  0x011e6502
                  0x011e6503
                  0x011e6504
                  0x011e6507
                  0x011e651a
                  0x011e6524
                  0x011e6524
                  0x011e6526
                  0x011e6526
                  0x011e64aa
                  0x011e652c
                  0x011e652d
                  0x011e652e
                  0x011e6539

                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: DebugPrintTimes
                  • String ID: 0$0
                  • API String ID: 3446177414-203156872
                  • Opcode ID: a9ed97bb01bffc97dd83064422674525a1bf070211d671dd4ddcd4d391f48542
                  • Instruction ID: 356959f16b542b59119700621bd980d95bfc582df7a95ba0f450f7e6e58424a8
                  • Opcode Fuzzy Hash: a9ed97bb01bffc97dd83064422674525a1bf070211d671dd4ddcd4d391f48542
                  • Instruction Fuzzy Hash: BB416BB16087069FD319CF68C448A1ABBE5FF98718F44452EF588DB301D771EA05CB86
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0124FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                  Download Yara Rule
                  C-Code - Quality: 53%
                  			E0124FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E011FCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E01245720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E01245720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                  0x0124fdda
                  0x0124fde2
                  0x0124fde5
                  0x0124fdec
                  0x0124fdfa
                  0x0124fdff
                  0x0124fe0a
                  0x0124fe0f
                  0x0124fe17
                  0x0124fe1e
                  0x0124fe19
                  0x0124fe19
                  0x0124fe19
                  0x0124fe20
                  0x0124fe21
                  0x0124fe22
                  0x0124fe25
                  0x0124fe40

                  APIs
                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0124FDFA
                  Strings
                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0124FE01
                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0124FE2B
                  Memory Dump Source
                  • Source File: 0000000E.00000002.516873753.0000000001190000.00000040.00000800.00020000.00000000.sdmp, Offset: 01190000, based on PE: true
                  • Associated: 0000000E.00000002.519574415.00000000012AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                  • Associated: 0000000E.00000002.519591926.00000000012AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_14_2_1190000_InstallUtil.jbxd
                  Similarity
                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                  • API String ID: 885266447-3903918235
                  • Opcode ID: 214f3f0430efcfd0317159a5b744d1f94a4e528cf073e23f011ccf0777bdb01d
                  • Instruction ID: b1027dc5b22659fc4bd813ffe203218ce684d9c8b48a7701dd6dcd7522a8458c
                  • Opcode Fuzzy Hash: 214f3f0430efcfd0317159a5b744d1f94a4e528cf073e23f011ccf0777bdb01d
                  • Instruction Fuzzy Hash: 1EF0F636250202BFE72C1A49DD02F33BF5AEB84B30F140318F7685A5D1DA62F82096F0
                  Uniqueness

                  Uniqueness Score: -1.00%